From 45f40fbbeba8a5dee288025ce32ee24bc643ba0a Mon Sep 17 00:00:00 2001 From: awssdkgo Date: Fri, 14 Feb 2020 19:18:20 +0000 Subject: [PATCH] Release v1.29.3 (2020-02-14) === ### Service Client Updates * `service/ec2`: Updates service API and documentation * You can now enable Multi-Attach on Provisioned IOPS io1 volumes through the create-volume API. * `service/mediatailor`: Updates service API and documentation * `service/securityhub`: Updates service API, documentation, and paginators * `service/shield`: Updates service API and documentation * This release adds support for associating Amazon Route 53 health checks to AWS Shield Advanced protected resources. ### SDK Enhancements * `aws/credentials`: Add support for context when getting credentials. * Adds `GetWithContext` to `Credentials` that allows canceling getting the credentials if the context is canceled, or times out. This fixes an issue where API operations would ignore their provide context when waiting for credentials to refresh. * Related to [#3127](https://github.com/aws/aws-sdk-go/pull/3127). --- CHANGELOG.md | 16 + CHANGELOG_PENDING.md | 3 - aws/version.go | 2 +- models/apis/ec2/2016-11-15/api-2.json | 39 +- models/apis/ec2/2016-11-15/docs-2.json | 29 +- models/apis/mediatailor/2018-04-23/api-2.json | 19 +- .../apis/mediatailor/2018-04-23/docs-2.json | 6 +- models/apis/securityhub/2018-10-26/api-2.json | 51 +- .../apis/securityhub/2018-10-26/docs-2.json | 96 ++- .../securityhub/2018-10-26/paginators-1.json | 25 + models/apis/shield/2016-06-02/api-2.json | 77 +- models/apis/shield/2016-06-02/docs-2.json | 45 +- service/ec2/api.go | 85 ++- service/mediatailor/api.go | 37 + service/securityhub/api.go | 657 ++++++++++++++++-- service/securityhub/doc.go | 12 +- .../securityhub/securityhubiface/interface.go | 19 + service/shield/api.go | 370 +++++++++- service/shield/errors.go | 2 +- service/shield/shieldiface/interface.go | 8 + 20 files changed, 1461 insertions(+), 137 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 69b8aa14226..5477d25e423 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,19 @@ +Release v1.29.3 (2020-02-14) +=== + +### Service Client Updates +* `service/ec2`: Updates service API and documentation + * You can now enable Multi-Attach on Provisioned IOPS io1 volumes through the create-volume API. +* `service/mediatailor`: Updates service API and documentation +* `service/securityhub`: Updates service API, documentation, and paginators +* `service/shield`: Updates service API and documentation + * This release adds support for associating Amazon Route 53 health checks to AWS Shield Advanced protected resources. + +### SDK Enhancements +* `aws/credentials`: Add support for context when getting credentials. + * Adds `GetWithContext` to `Credentials` that allows canceling getting the credentials if the context is canceled, or times out. This fixes an issue where API operations would ignore their provide context when waiting for credentials to refresh. + * Related to [#3127](https://github.com/aws/aws-sdk-go/pull/3127). + Release v1.29.2 (2020-02-13) === diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md index 25f1134afe1..8a1927a39ca 100644 --- a/CHANGELOG_PENDING.md +++ b/CHANGELOG_PENDING.md @@ -1,8 +1,5 @@ ### SDK Features ### SDK Enhancements -* `aws/credentials`: Add support for context when getting credentials. - * Adds `GetWithContext` to `Credentials` that allows canceling getting the credentials if the context is canceled, or times out. This fixes an issue where API operations would ignore their provide context when waiting for credentials to refresh. - * Related to [#3127](https://github.com/aws/aws-sdk-go/pull/3127). ### SDK Bugs diff --git a/aws/version.go b/aws/version.go index 2f7db59f872..b60d2b5edbf 100644 --- a/aws/version.go +++ b/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.29.2" +const SDKVersion = "1.29.3" diff --git a/models/apis/ec2/2016-11-15/api-2.json b/models/apis/ec2/2016-11-15/api-2.json index 81eaf66246e..c85623661fb 100755 --- a/models/apis/ec2/2016-11-15/api-2.json +++ b/models/apis/ec2/2016-11-15/api-2.json @@ -7632,7 +7632,8 @@ "TagSpecifications":{ "shape":"TagSpecificationList", "locationName":"TagSpecification" - } + }, + "MultiAttachEnabled":{"shape":"Boolean"} } }, "CreateVpcEndpointConnectionNotificationRequest":{ @@ -12074,7 +12075,7 @@ ], "members":{ "Attribute":{"shape":"VolumeAttributeName"}, - "VolumeId":{"shape":"String"}, + "VolumeId":{"shape":"VolumeId"}, "DryRun":{ "shape":"Boolean", "locationName":"dryRun" @@ -28101,6 +28102,10 @@ "FastRestored":{ "shape":"Boolean", "locationName":"fastRestored" + }, + "MultiAttachEnabled":{ + "shape":"Boolean", + "locationName":"multiAttachEnabled" } } }, @@ -28171,7 +28176,7 @@ "VolumeIdStringList":{ "type":"list", "member":{ - "shape":"String", + "shape":"VolumeId", "locationName":"VolumeId" } }, @@ -28290,6 +28295,26 @@ "locationName":"item" } }, + "VolumeStatusAttachmentStatus":{ + "type":"structure", + "members":{ + "IoPerformance":{ + "shape":"String", + "locationName":"ioPerformance" + }, + "InstanceId":{ + "shape":"String", + "locationName":"instanceId" + } + } + }, + "VolumeStatusAttachmentStatusList":{ + "type":"list", + "member":{ + "shape":"VolumeStatusAttachmentStatus", + "locationName":"item" + } + }, "VolumeStatusDetails":{ "type":"structure", "members":{ @@ -28332,6 +28357,10 @@ "NotBefore":{ "shape":"MillisecondDateTime", "locationName":"notBefore" + }, + "InstanceId":{ + "shape":"String", + "locationName":"instanceId" } } }, @@ -28389,6 +28418,10 @@ "VolumeStatus":{ "shape":"VolumeStatusInfo", "locationName":"volumeStatus" + }, + "AttachmentStatuses":{ + "shape":"VolumeStatusAttachmentStatusList", + "locationName":"attachmentStatuses" } } }, diff --git a/models/apis/ec2/2016-11-15/docs-2.json b/models/apis/ec2/2016-11-15/docs-2.json index 12682f599ea..2f55be4fd0e 100755 --- a/models/apis/ec2/2016-11-15/docs-2.json +++ b/models/apis/ec2/2016-11-15/docs-2.json @@ -1157,6 +1157,7 @@ "CreateTransitGatewayVpcAttachmentRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "CreateVolumeRequest$Encrypted": "

Specifies whether the volume should be encrypted. The effect of setting the encryption state to true depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see Encryption by Default in the Amazon Elastic Compute Cloud User Guide.

Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see Supported Instance Types.

", "CreateVolumeRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", + "CreateVolumeRequest$MultiAttachEnabled": "

Specifies whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, you can attach the volume to up to 16 Nitro-based instances in the same Availability Zone. For more information, see Amazon EBS Multi-Attach in the Amazon Elastic Compute Cloud User Guide.

", "CreateVpcEndpointConnectionNotificationRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "CreateVpcEndpointRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "CreateVpcEndpointRequest$PrivateDnsEnabled": "

(Interface endpoint) Indicates whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, kinesis.us-east-1.amazonaws.com), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service.

To use a private hosted zone, you must set the following VPC attributes to true: enableDnsHostnames and enableDnsSupport. Use ModifyVpcAttribute to set the VPC attributes.

Default: true

", @@ -1599,6 +1600,7 @@ "UpdateSecurityGroupRuleDescriptionsIngressResult$Return": "

Returns true if the request succeeds; otherwise, returns an error.

", "Volume$Encrypted": "

Indicates whether the volume is encrypted.

", "Volume$FastRestored": "

Indicates whether the volume was created using fast snapshot restore.

", + "Volume$MultiAttachEnabled": "

Indicates whether Amazon EBS Multi-Attach is enabled.

", "VolumeAttachment$DeleteOnTermination": "

Indicates whether the EBS volume is deleted on instance termination.

", "Vpc$IsDefault": "

Indicates whether the VPC is the default VPC.

", "VpcClassicLink$ClassicLinkEnabled": "

Indicates whether the VPC is enabled for ClassicLink.

", @@ -5916,8 +5918,8 @@ "DescribeTransitGatewayVpcAttachmentsRequest$Filters": "

One or more filters. The possible values are:

", "DescribeTransitGatewaysRequest$Filters": "

One or more filters. The possible values are:

", "DescribeVolumeStatusRequest$Filters": "

The filters.

", - "DescribeVolumesModificationsRequest$Filters": "

The filters. Supported filters: volume-id, modification-state, target-size, target-iops, target-volume-type, original-size, original-iops, original-volume-type, start-time.

", - "DescribeVolumesRequest$Filters": "

The filters.

", + "DescribeVolumesModificationsRequest$Filters": "

The filters. Supported filters: volume-id | modification-state | target-size | target-iops | target-volume-type | original-size | original-iops | original-volume-type | start-time | originalMultiAttachEnabled | targetMultiAttachEnabled.

", + "DescribeVolumesRequest$Filters": "

The filters.

", "DescribeVpcClassicLinkRequest$Filters": "

One or more filters.

", "DescribeVpcEndpointConnectionNotificationsRequest$Filters": "

One or more filters.

", "DescribeVpcEndpointConnectionsRequest$Filters": "

One or more filters.

", @@ -7086,7 +7088,7 @@ "CreateInstanceExportTaskRequest$InstanceId": "

The ID of the instance.

", "CreateRouteRequest$InstanceId": "

The ID of a NAT instance in your VPC. The operation fails if you specify an instance ID unless exactly one network interface is attached.

", "DetachClassicLinkVpcRequest$InstanceId": "

The ID of the instance to unlink from the VPC.

", - "DetachVolumeRequest$InstanceId": "

The ID of the instance.

", + "DetachVolumeRequest$InstanceId": "

The ID of the instance. If you are detaching a Multi-Attach enabled volume, you must specify an instance ID.

", "GetConsoleOutputRequest$InstanceId": "

The ID of the instance.

", "GetConsoleScreenshotRequest$InstanceId": "

The ID of the instance.

", "GetLaunchTemplateDataRequest$InstanceId": "

The ID of the instance.

", @@ -11921,7 +11923,6 @@ "DescribeTransitGatewayVpcAttachmentsResult$NextToken": "

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", "DescribeTransitGatewaysRequest$NextToken": "

The token for the next page of results.

", "DescribeTransitGatewaysResult$NextToken": "

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", - "DescribeVolumeAttributeRequest$VolumeId": "

The ID of the volume.

", "DescribeVolumeAttributeResult$VolumeId": "

The ID of the volume.

", "DescribeVolumeStatusRequest$NextToken": "

The NextToken value to include in a future DescribeVolumeStatus request. When the results of the request exceed MaxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

", "DescribeVolumeStatusResult$NextToken": "

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", @@ -13002,17 +13003,19 @@ "VolumeAttachment$Device": "

The device name.

", "VolumeAttachment$InstanceId": "

The ID of the instance.

", "VolumeAttachment$VolumeId": "

The ID of the volume.

", - "VolumeIdStringList$member": null, "VolumeModification$VolumeId": "

The ID of the volume.

", "VolumeModification$StatusMessage": "

A status message about the modification progress or failure.

", "VolumeStatusAction$Code": "

The code identifying the operation, for example, enable-volume-io.

", "VolumeStatusAction$Description": "

A description of the operation.

", "VolumeStatusAction$EventId": "

The ID of the event associated with this operation.

", "VolumeStatusAction$EventType": "

The event type associated with this operation.

", + "VolumeStatusAttachmentStatus$IoPerformance": "

The maximum IOPS supported by the attached instance.

", + "VolumeStatusAttachmentStatus$InstanceId": "

The ID of the attached instance.

", "VolumeStatusDetails$Status": "

The intended status of the volume status.

", "VolumeStatusEvent$Description": "

A description of the event.

", "VolumeStatusEvent$EventId": "

The ID of this event.

", "VolumeStatusEvent$EventType": "

The type of this event.

", + "VolumeStatusEvent$InstanceId": "

The ID of the instance associated with the event.

", "VolumeStatusItem$AvailabilityZone": "

The Availability Zone of the volume.

", "VolumeStatusItem$OutpostArn": "

The Amazon Resource Name (ARN) of the Outpost.

", "VolumeStatusItem$VolumeId": "

The volume ID.

", @@ -14358,11 +14361,13 @@ "AttachVolumeRequest$VolumeId": "

The ID of the EBS volume. The volume and instance must be within the same Availability Zone.

", "CreateSnapshotRequest$VolumeId": "

The ID of the EBS volume.

", "DeleteVolumeRequest$VolumeId": "

The ID of the volume.

", + "DescribeVolumeAttributeRequest$VolumeId": "

The ID of the volume.

", "DetachVolumeRequest$VolumeId": "

The ID of the volume.

", "EbsInstanceBlockDeviceSpecification$VolumeId": "

The ID of the EBS volume.

", "EnableVolumeIORequest$VolumeId": "

The ID of the volume.

", "ModifyVolumeAttributeRequest$VolumeId": "

The ID of the volume.

", - "ModifyVolumeRequest$VolumeId": "

The ID of the volume.

" + "ModifyVolumeRequest$VolumeId": "

The ID of the volume.

", + "VolumeIdStringList$member": null } }, "VolumeIdStringList": { @@ -14416,6 +14421,18 @@ "VolumeStatusItem$Actions": "

The details of the operation.

" } }, + "VolumeStatusAttachmentStatus": { + "base": "

Information about the instances to which the volume is attached.

", + "refs": { + "VolumeStatusAttachmentStatusList$member": null + } + }, + "VolumeStatusAttachmentStatusList": { + "base": null, + "refs": { + "VolumeStatusItem$AttachmentStatuses": "

Information about the instances to which the volume is attached.

" + } + }, "VolumeStatusDetails": { "base": "

Describes a volume status.

", "refs": { diff --git a/models/apis/mediatailor/2018-04-23/api-2.json b/models/apis/mediatailor/2018-04-23/api-2.json index 006902b91f8..e61bce1333b 100644 --- a/models/apis/mediatailor/2018-04-23/api-2.json +++ b/models/apis/mediatailor/2018-04-23/api-2.json @@ -210,7 +210,10 @@ }, "CdnConfiguration": { "shape": "CdnConfiguration" - }, + }, + "PersonalizationThresholdSeconds" : { + "shape" : "__integerMin1" + }, "DashConfiguration": { "shape": "DashConfiguration" }, @@ -318,7 +321,10 @@ }, "CdnConfiguration": { "shape": "CdnConfiguration" - }, + }, + "PersonalizationThresholdSeconds" : { + "shape" : "__integerMin1" + }, "DashConfiguration": { "shape": "DashConfiguration" }, @@ -371,7 +377,10 @@ }, "CdnConfiguration": { "shape": "CdnConfiguration" - }, + }, + "PersonalizationThresholdSeconds" : { + "shape" : "__integerMin1" + }, "DashConfiguration": { "shape": "DashConfigurationForPut" }, @@ -499,6 +508,10 @@ }, "__integer": { "type": "integer" + }, + "__integerMin1": { + "type": "integer", + "min": 1 }, "__integerMin1Max100": { "max": 100, diff --git a/models/apis/mediatailor/2018-04-23/docs-2.json b/models/apis/mediatailor/2018-04-23/docs-2.json index 1c14c8c4e1c..70656e54d8e 100644 --- a/models/apis/mediatailor/2018-04-23/docs-2.json +++ b/models/apis/mediatailor/2018-04-23/docs-2.json @@ -81,7 +81,9 @@ "__integer" : { "base" : null, "refs" : { - "LivePreRollConfiguration$MaxDurationSeconds" : "The maximum allowed duration for the pre-roll ad avail. AWS Elemental MediaTailor won't play pre-roll ads to exceed this duration, regardless of the total duration of ads that the ADS returns." + "LivePreRollConfiguration$MaxDurationSeconds" : "The maximum allowed duration for the pre-roll ad avail. AWS Elemental MediaTailor won't play pre-roll ads to exceed this duration, regardless of the total duration of ads that the ADS returns.", + "GetPlaybackConfigurationResponse$PersonalizationThresholdSeconds" : "The maximum duration of underfilled ad time (in seconds) allowed in an ad break.", + "PutPlaybackConfigurationRequest$PersonalizationThresholdSeconds" : "The maximum duration of underfilled ad time (in seconds) allowed in an ad break." } }, "__listOfPlaybackConfigurations": { @@ -114,6 +116,7 @@ "GetPlaybackConfigurationResponse$SessionInitializationEndpointPrefix": "

The URL that the player uses to initialize a session that uses client-side reporting.

", "GetPlaybackConfigurationResponse$SlateAdUrl": "

The URL for a high-quality video asset to transcode and use to fill in time that's not used by ads. AWS Elemental MediaTailor shows the slate to fill in gaps in media content. Configuring the slate is optional for non-VPAID playback configurations. For VPAID, the slate is required because MediaTailor provides it in the slots designated for dynamic ad content. The slate must be a high-quality asset that contains both audio and video.

", "GetPlaybackConfigurationResponse$TranscodeProfileName": "

The name that is used to associate this playback configuration with a custom transcode profile. This overrides the dynamic transcoding defaults of MediaTailor. Use this only if you have already set up custom profiles with the help of AWS Support.

", + "GetPlaybackConfigurationResponse$PersonalizationThresholdSeconds": "

The maximum duration of underfilled ad time (in seconds) allowed in an ad break.

", "GetPlaybackConfigurationResponse$VideoContentSourceUrl": "

The URL prefix for the master playlist for the stream, minus the asset ID. The maximum length is 512 characters.

", "HlsConfiguration$ManifestEndpointPrefix": "

The URL that is used to initiate a playback session for devices that support Apple HLS. The session uses server-side reporting.

", "ListPlaybackConfigurationsResponse$NextToken": "

Pagination token returned by the GET list request when results exceed the maximum allowed. Use the token to fetch the next page of results.

", @@ -122,6 +125,7 @@ "PutPlaybackConfigurationRequest$Name": "

The identifier for the playback configuration.

", "PutPlaybackConfigurationRequest$SlateAdUrl": "

The URL for a high-quality video asset to transcode and use to fill in time that's not used by ads. AWS Elemental MediaTailor shows the slate to fill in gaps in media content. Configuring the slate is optional for non-VPAID configurations. For VPAID, the slate is required because MediaTailor provides it in the slots that are designated for dynamic ad content. The slate must be a high-quality asset that contains both audio and video.

", "PutPlaybackConfigurationRequest$TranscodeProfileName": "

The name that is used to associate this playback configuration with a custom transcode profile. This overrides the dynamic transcoding defaults of MediaTailor. Use this only if you have already set up custom profiles with the help of AWS Support.

", + "PutPlaybackConfigurationRequest$PersonalizationThresholdSeconds": "

The maximum duration of underfilled ad time (in seconds) allowed in an ad break.

", "PutPlaybackConfigurationRequest$VideoContentSourceUrl": "

The URL prefix for the master playlist for the stream, minus the asset ID. The maximum length is 512 characters.

", "__mapOf__string$member": null } diff --git a/models/apis/securityhub/2018-10-26/api-2.json b/models/apis/securityhub/2018-10-26/api-2.json index 5dc3cdb05ac..9232d7dcb14 100644 --- a/models/apis/securityhub/2018-10-26/api-2.json +++ b/models/apis/securityhub/2018-10-26/api-2.json @@ -245,6 +245,20 @@ {"shape":"InvalidInputException"} ] }, + "DescribeStandards":{ + "name":"DescribeStandards", + "http":{ + "method":"GET", + "requestUri":"/standards" + }, + "input":{"shape":"DescribeStandardsRequest"}, + "output":{"shape":"DescribeStandardsResponse"}, + "errors":[ + {"shape":"InternalException"}, + {"shape":"InvalidInputException"}, + {"shape":"InvalidAccessException"} + ] + }, "DescribeStandardsControls":{ "name":"DescribeStandardsControls", "http":{ @@ -1671,6 +1685,28 @@ "NextToken":{"shape":"NextToken"} } }, + "DescribeStandardsRequest":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "DescribeStandardsResponse":{ + "type":"structure", + "members":{ + "Standards":{"shape":"Standards"}, + "NextToken":{"shape":"NextToken"} + } + }, "DisableImportFindingsForProductRequest":{ "type":"structure", "required":["ProductSubscriptionArn"], @@ -2432,6 +2468,18 @@ "desc" ] }, + "Standard":{ + "type":"structure", + "members":{ + "StandardsArn":{"shape":"NonEmptyString"}, + "Name":{"shape":"NonEmptyString"}, + "Description":{"shape":"NonEmptyString"} + } + }, + "Standards":{ + "type":"list", + "member":{"shape":"Standard"} + }, "StandardsControl":{ "type":"structure", "members":{ @@ -2443,7 +2491,8 @@ "Title":{"shape":"NonEmptyString"}, "Description":{"shape":"NonEmptyString"}, "RemediationUrl":{"shape":"NonEmptyString"}, - "SeverityRating":{"shape":"SeverityRating"} + "SeverityRating":{"shape":"SeverityRating"}, + "RelatedRequirements":{"shape":"RelatedRequirementsList"} } }, "StandardsControls":{ diff --git a/models/apis/securityhub/2018-10-26/docs-2.json b/models/apis/securityhub/2018-10-26/docs-2.json index 8f3ebcebce8..f4b3e00fc59 100644 --- a/models/apis/securityhub/2018-10-26/docs-2.json +++ b/models/apis/securityhub/2018-10-26/docs-2.json @@ -1,14 +1,14 @@ { "version": "2.0", - "service": "

Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also provides you with the compliance status of your environment based on CIS AWS Foundations compliance checks. Security Hub collects security data from AWS accounts, services, and integrated third-party products and helps you analyze security trends in your environment to identify the highest priority security issues. For more information about Security Hub, see the AWS Security Hub User Guide .

When you use operations in the Security Hub API, the requests are executed only in the AWS Region that is currently active or in the specific AWS Region that you specify in your request. Any configuration or settings change that results from the operation is applied only to that Region. To make the same change in other Regions, execute the same command for each Region to apply the change to.

For example, if your Region is set to us-west-2, when you use CreateMembers to add a member account to Security Hub, the association of the member account with the master account is created only in the us-west-2 Region. Security Hub must be enabled for the member account in the same Region that the invitation was sent from.

The following throttling limits apply to using Security Hub API operations.

", + "service": "

Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also provides you with the compliance status of your environment based on controls from supported standards. Security Hub collects security data from AWS accounts, services, and integrated third-party products and helps you analyze security trends in your environment to identify the highest priority security issues. For more information about Security Hub, see the AWS Security Hub User Guide .

When you use operations in the Security Hub API, the requests are executed only in the AWS Region that is currently active or in the specific AWS Region that you specify in your request. Any configuration or settings change that results from the operation is applied only to that Region. To make the same change in other Regions, execute the same command for each Region to apply the change to.

For example, if your Region is set to us-west-2, when you use CreateMembers to add a member account to Security Hub, the association of the member account with the master account is created only in the us-west-2 Region. Security Hub must be enabled for the member account in the same Region that the invitation was sent from.

The following throttling limits apply to using Security Hub API operations.

", "operations": { "AcceptInvitation": "

Accepts the invitation to be a member account and be monitored by the Security Hub master account that the invitation was sent from.

When the member account accepts the invitation, permission is granted to the master account to view findings generated in the member account.

", - "BatchDisableStandards": "

Disables the standards specified by the provided StandardsSubscriptionArns.

For more information, see Standards Supported in AWS Security Hub.

", - "BatchEnableStandards": "

Enables the standards specified by the provided standardsArn.

In this release, only CIS AWS Foundations standards are supported.

For more information, see Standards Supported in AWS Security Hub.

", + "BatchDisableStandards": "

Disables the standards specified by the provided StandardsSubscriptionArns.

For more information, see Compliance Standards section of the AWS Security Hub User Guide.

", + "BatchEnableStandards": "

Enables the standards specified by the provided StandardsArn. To obtain the ARN for a standard, use the DescribeStandards operation.

For more information, see the Compliance Standards section of the AWS Security Hub User Guide.

", "BatchImportFindings": "

Imports security findings generated from an integrated third-party product into Security Hub. This action is requested by the integrated product to import its findings into Security Hub.

The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.

", "CreateActionTarget": "

Creates a custom action target in Security Hub.

You can use custom actions on findings and insights in Security Hub to trigger target actions in Amazon CloudWatch Events.

", "CreateInsight": "

Creates a custom insight in Security Hub. An insight is a consolidation of findings that relate to a security issue that requires attention or remediation.

To group the related findings in the insight, use the GroupByAttribute.

", - "CreateMembers": "

Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the master account. To successfully create a member, you must use this action from an account that already has Security Hub enabled. To enable Security Hub, you can use the EnableSecurityHub operation.

After you use CreateMembers to create member account associations in Security Hub, you must use the InviteMembers operation to invite the accounts to enable Security Hub and become member accounts in Security Hub.

If the account owner accepts the invitation, the account becomes a member account in Security Hub, and a permission policy is added that permits the master account to view the findings generated in the member account. When Security Hub is enabled in the invited account, findings start to be sent to both the member and master accounts.

To remove the association between the master and member accounts, use the DisassociateFromMasterAccount or DisassociateMembers operation.

", + "CreateMembers": "

Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the master account. To successfully create a member, you must use this action from an account that already has Security Hub enabled. To enable Security Hub, you can use the EnableSecurityHub operation.

After you use CreateMembers to create member account associations in Security Hub, you must use the InviteMembers operation to invite the accounts to enable Security Hub and become member accounts in Security Hub.

If the account owner accepts the invitation, the account becomes a member account in Security Hub, and a permission policy is added that permits the master account to view the findings generated in the member account. When Security Hub is enabled in the invited account, findings start to be sent to both the member and master accounts.

To remove the association between the master and member accounts, use the DisassociateFromMasterAccount or DisassociateMembers operation.

", "DeclineInvitations": "

Declines invitations to become a member account.

", "DeleteActionTarget": "

Deletes a custom action target from Security Hub.

Deleting a custom action target does not affect any findings or insights that were already sent to Amazon CloudWatch Events using the custom action.

", "DeleteInsight": "

Deletes the insight specified by the InsightArn.

", @@ -17,13 +17,14 @@ "DescribeActionTargets": "

Returns a list of the custom action targets in Security Hub in your account.

", "DescribeHub": "

Returns details about the Hub resource in your account, including the HubArn and the time when you enabled Security Hub.

", "DescribeProducts": "

Returns information about the available products that you can subscribe to and integrate with Security Hub in order to consolidate findings.

", + "DescribeStandards": "

Returns a list of the available standards in Security Hub.

For each standard, the results include the standard ARN, the name, and a description.

", "DescribeStandardsControls": "

Returns a list of compliance standards controls.

For each control, the results include information about whether it is currently enabled, the severity, and a link to remediation information.

", "DisableImportFindingsForProduct": "

Disables the integration of the specified product with Security Hub. After the integration is disabled, findings from that product are no longer sent to Security Hub.

", "DisableSecurityHub": "

Disables Security Hub in your account only in the current Region. To disable Security Hub in all Regions, you must submit one request per Region where you have enabled Security Hub.

When you disable Security Hub for a master account, it doesn't disable Security Hub for any associated member accounts.

When you disable Security Hub, your existing findings and insights and any Security Hub configuration settings are deleted after 90 days and cannot be recovered. Any standards that were enabled are disabled, and your master and member account associations are removed.

If you want to save your existing findings, you must export them before you disable Security Hub.

", "DisassociateFromMasterAccount": "

Disassociates the current Security Hub member account from the associated master account.

", "DisassociateMembers": "

Disassociates the specified member accounts from the associated master account.

", "EnableImportFindingsForProduct": "

Enables the integration of a partner product with Security Hub. Integrated products send findings to Security Hub.

When you enable a product integration, a permission policy that grants permission for the product to send findings to Security Hub is applied.

", - "EnableSecurityHub": "

Enables Security Hub for your account in the current Region or the Region you specify in the request.

Enabling Security Hub also enables the CIS AWS Foundations standard.

When you enable Security Hub, you grant to Security Hub the permissions necessary to gather findings from AWS Config, Amazon GuardDuty, Amazon Inspector, and Amazon Macie.

To learn more, see Setting Up AWS Security Hub.

", + "EnableSecurityHub": "

Enables Security Hub for your account in the current Region or the Region you specify in the request.

When you enable Security Hub, you grant to Security Hub the permissions necessary to gather findings from AWS Config, Amazon GuardDuty, Amazon Inspector, and Amazon Macie.

When you use the EnableSecurityHub operation to enable Security Hub, you also automatically enable the CIS AWS Foundations standard. You do not enable the Payment Card Industry Data Security Standard (PCI DSS) standard. To enable a standard, use the BatchEnableStandards operation. To disable a standard, use the BatchDisableStandards operation.

To learn more, see Setting Up AWS Security Hub in the AWS Security Hub User Guide.

", "GetEnabledStandards": "

Returns a list of the standards that are currently enabled.

", "GetFindings": "

Returns a list of findings that match the specified criteria.

", "GetInsightResults": "

Lists the results of the Security Hub insight specified by the insight ARN.

", @@ -31,7 +32,7 @@ "GetInvitationsCount": "

Returns the count of all Security Hub membership invitations that were sent to the current member account, not including the currently accepted invitation.

", "GetMasterAccount": "

Provides the details for the Security Hub master account for the current member account.

", "GetMembers": "

Returns the details for the Security Hub member accounts for the specified account IDs.

", - "InviteMembers": "

Invites other AWS accounts to become member accounts for the Security Hub master account that the invitation is sent from.

Before you can use this action to invite a member, you must first use the CreateMembers action to create the member account in Security Hub.

When the account owner accepts the invitation to become a member account and enables Security Hub, the master account can view the findings generated from the member account.

", + "InviteMembers": "

Invites other AWS accounts to become member accounts for the Security Hub master account that the invitation is sent from.

Before you can use this action to invite a member, you must first use the CreateMembers action to create the member account in Security Hub.

When the account owner accepts the invitation to become a member account and enables Security Hub, the master account can view the findings generated from the member account.

", "ListEnabledProductsForImport": "

Lists all findings-generating solutions (products) that you are subscribed to receive findings from in Security Hub.

", "ListInvitations": "

Lists all Security Hub membership invitations that were sent to the current AWS account.

", "ListMembers": "

Lists details about all member accounts for the current Security Hub master account.

", @@ -563,7 +564,7 @@ "AwsRdsDbInstanceDetails$IAMDatabaseAuthenticationEnabled": "

True if mapping of AWS Identity and Access Management (IAM) accounts to database accounts is enabled, and otherwise false.

IAM database authentication can be enabled for the following database engines.

", "AwsRdsDbInstanceDetails$PubliclyAccessible": "

Specifies the accessibility options for the DB instance.

A value of true specifies an Internet-facing instance with a publicly resolvable DNS name, which resolves to a public IP address.

A value of false specifies an internal instance with a DNS name that resolves to a private IP address.

", "AwsRdsDbInstanceDetails$StorageEncrypted": "

Specifies whether the DB instance is encrypted.

", - "ListMembersRequest$OnlyAssociated": "

Specifies which member accounts to include in the response based on their relationship status with the master account. The default value is TRUE.

If onlyAssociated is set to TRUE, the response includes member accounts whose relationship status with the master is set to ENABLED or DISABLED.

If onlyAssociated is set to FALSE, the response includes all existing member accounts.

" + "ListMembersRequest$OnlyAssociated": "

Specifies which member accounts to include in the response based on their relationship status with the master account. The default value is TRUE.

If OnlyAssociated is set to TRUE, the response includes member accounts whose relationship status with the master is set to ENABLED or DISABLED.

If OnlyAssociated is set to FALSE, the response includes all existing member accounts.

" } }, "CategoryList": { @@ -573,9 +574,9 @@ } }, "Compliance": { - "base": "

Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, CIS AWS Foundations). Contains compliance-related finding details.

Values include the following:

", + "base": "

Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains compliance-related finding details.

Values include the following:

", "refs": { - "AwsSecurityFinding$Compliance": "

This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, CIS AWS Foundations). Contains compliance-related finding details.

" + "AwsSecurityFinding$Compliance": "

This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains compliance-related finding details.

" } }, "ComplianceStatus": { @@ -751,6 +752,16 @@ "refs": { } }, + "DescribeStandardsRequest": { + "base": null, + "refs": { + } + }, + "DescribeStandardsResponse": { + "base": null, + "refs": { + } + }, "DisableImportFindingsForProductRequest": { "base": null, "refs": { @@ -1142,6 +1153,7 @@ "DescribeActionTargetsRequest$MaxResults": "

The maximum number of results to return.

", "DescribeProductsRequest$MaxResults": "

The maximum number of results to return.

", "DescribeStandardsControlsRequest$MaxResults": "

The maximum number of compliance standard controls to return.

", + "DescribeStandardsRequest$MaxResults": "

The maximum number of standards to return.

", "GetEnabledStandardsRequest$MaxResults": "

The maximum number of results to return in the response.

", "GetFindingsRequest$MaxResults": "

The maximum number of findings to return.

", "GetInsightsRequest$MaxResults": "

The maximum number of items to return in the response.

", @@ -1178,22 +1190,24 @@ "NextToken": { "base": null, "refs": { - "DescribeActionTargetsRequest$NextToken": "

The token that is required for pagination.

", - "DescribeActionTargetsResponse$NextToken": "

The token that is required for pagination.

", - "DescribeProductsRequest$NextToken": "

The token that is required for pagination.

", - "DescribeProductsResponse$NextToken": "

The token that is required for pagination.

", - "DescribeStandardsControlsRequest$NextToken": "

For requests to get the next page of results, the pagination token that was returned with the previous set of results. The initial request does not include a pagination token.

", - "DescribeStandardsControlsResponse$NextToken": "

If there are more compliance standards control remaining in the results, then this is the pagination token to use to request the next page of compliance standard controls.

", - "GetEnabledStandardsRequest$NextToken": "

Paginates results. On your first call to the GetEnabledStandards operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set nextToken in the request to the value of nextToken from the previous response.

", - "GetEnabledStandardsResponse$NextToken": "

The token that is required for pagination.

", - "GetFindingsRequest$NextToken": "

Paginates results. On your first call to the GetFindings operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set nextToken in the request to the value of nextToken from the previous response.

", - "GetFindingsResponse$NextToken": "

The token that is required for pagination.

", - "GetInsightsRequest$NextToken": "

Paginates results. On your first call to the GetInsights operation, set the value of this parameter to NULL. For subsequent calls to the operation, to continue listing data, set nextToken in the request to the value of nextToken from the previous response.

", - "GetInsightsResponse$NextToken": "

The token that is required for pagination.

", - "ListEnabledProductsForImportRequest$NextToken": "

Paginates results. On your first call to the ListEnabledProductsForImport operation, set the value of this parameter to NULL. For subsequent calls to the operation, to continue listing data, set nextToken in the request to the value of NextToken from the previous response.

", - "ListEnabledProductsForImportResponse$NextToken": "

The token that is required for pagination.

", - "ListInvitationsRequest$NextToken": "

Paginates results. On your first call to the ListInvitations operation, set the value of this parameter to NULL. For subsequent calls to the operation, to continue listing data, set nextToken in the request to the value of NextToken from the previous response.

", - "ListMembersRequest$NextToken": "

Paginates results. On your first call to the ListMembers operation, set the value of this parameter to NULL. For subsequent calls to the operation, to continue listing data, set nextToken in the request to the value of nextToken from the previous response.

" + "DescribeActionTargetsRequest$NextToken": "

The token that is required for pagination. On your first call to the DescribeActionTargets operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

", + "DescribeActionTargetsResponse$NextToken": "

The pagination token to use to request the next page of results.

", + "DescribeProductsRequest$NextToken": "

The token that is required for pagination. On your first call to the DescribeProducts operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

", + "DescribeProductsResponse$NextToken": "

The pagination token to use to request the next page of results.

", + "DescribeStandardsControlsRequest$NextToken": "

The token that is required for pagination. On your first call to the DescribeStandardsControls operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

", + "DescribeStandardsControlsResponse$NextToken": "

The pagination token to use to request the next page of results.

", + "DescribeStandardsRequest$NextToken": "

The token that is required for pagination. On your first call to the DescribeStandards operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

", + "DescribeStandardsResponse$NextToken": "

The pagination token to use to request the next page of results.

", + "GetEnabledStandardsRequest$NextToken": "

The token that is required for pagination. On your first call to the GetEnabledStandards operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

", + "GetEnabledStandardsResponse$NextToken": "

The pagination token to use to request the next page of results.

", + "GetFindingsRequest$NextToken": "

The token that is required for pagination. On your first call to the GetFindings operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

", + "GetFindingsResponse$NextToken": "

The pagination token to use to request the next page of results.

", + "GetInsightsRequest$NextToken": "

The token that is required for pagination. On your first call to the GetInsights operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

", + "GetInsightsResponse$NextToken": "

The pagination token to use to request the next page of results.

", + "ListEnabledProductsForImportRequest$NextToken": "

The token that is required for pagination. On your first call to the ListEnabledProductsForImport operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

", + "ListEnabledProductsForImportResponse$NextToken": "

The pagination token to use to request the next page of results.

", + "ListInvitationsRequest$NextToken": "

The token that is required for pagination. On your first call to the ListInvitations operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

", + "ListMembersRequest$NextToken": "

The token that is required for pagination. On your first call to the ListMembers operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

" } }, "NonEmptyString": { @@ -1405,8 +1419,8 @@ "KeywordFilter$Value": "

A value for the keyword.

", "LimitExceededException$Message": null, "LimitExceededException$Code": null, - "ListInvitationsResponse$NextToken": "

The token that is required for pagination.

", - "ListMembersResponse$NextToken": "

The token that is required for pagination.

", + "ListInvitationsResponse$NextToken": "

The pagination token to use to request the next page of results.

", + "ListMembersResponse$NextToken": "

The pagination token to use to request the next page of results.

", "LoadBalancerState$Code": "

The state code. The initial state of the load balancer is provisioning.

After the load balancer is fully set up and ready to route traffic, its state is active.

If the load balancer could not be set up, its state is failed.

", "LoadBalancerState$Reason": "

A description of the state.

", "Malware$Name": "

The name of the malware that was observed.

", @@ -1457,18 +1471,21 @@ "Result$ProcessingResult": "

The reason that the account was not processed.

", "SecurityGroups$member": null, "SortCriterion$Field": "

The finding attribute used to sort findings.

", + "Standard$StandardsArn": "

The ARN of a standard.

", + "Standard$Name": "

The name of the standard.

", + "Standard$Description": "

A description of the standard.

", "StandardsControl$StandardsControlArn": "

The ARN of the compliance standard control.

", "StandardsControl$DisabledReason": "

The reason provided for the most recent change in status for the control.

", "StandardsControl$ControlId": "

The identifier of the compliance standard control.

", "StandardsControl$Title": "

The title of the compliance standard control.

", "StandardsControl$Description": "

The longer description of the compliance standard control. Provides information about what the control is checking for.

", - "StandardsControl$RemediationUrl": "

A link to remediation information for the control in the Security Hub user documentation

", + "StandardsControl$RemediationUrl": "

A link to remediation information for the control in the Security Hub user documentation.

", "StandardsInputParameterMap$key": null, "StandardsInputParameterMap$value": null, "StandardsSubscription$StandardsSubscriptionArn": "

The ARN of a resource that represents your subscription to a supported standard.

", - "StandardsSubscription$StandardsArn": "

The ARN of a standard.

In this release, Security Hub supports only the CIS AWS Foundations standard, which uses the following ARN: arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0.

", + "StandardsSubscription$StandardsArn": "

The ARN of a standard.

", "StandardsSubscriptionArns$member": null, - "StandardsSubscriptionRequest$StandardsArn": "

The ARN of the standard that you want to enable.

In this release, Security Hub only supports the CIS AWS Foundations standard.

Its ARN is arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0.

", + "StandardsSubscriptionRequest$StandardsArn": "

The ARN of the standard that you want to enable. To view the list of available standards and their ARNs, use the DescribeStandards operation.

", "StringFilter$Value": "

The string filter value.

", "StringList$member": null, "ThreatIntelIndicator$Value": "

The value of a threat intelligence indicator.

", @@ -1591,7 +1608,8 @@ "RelatedRequirementsList": { "base": null, "refs": { - "Compliance$RelatedRequirements": "

List of requirements that are related to a standards control.

" + "Compliance$RelatedRequirements": "

List of requirements that are related to a standards control.

", + "StandardsControl$RelatedRequirements": "

The list of requirements that are related to this control.

" } }, "Remediation": { @@ -1689,6 +1707,18 @@ "SortCriterion$SortOrder": "

The order used to sort findings.

" } }, + "Standard": { + "base": "

Provides information about a specific standard.

", + "refs": { + "Standards$member": null + } + }, + "Standards": { + "base": null, + "refs": { + "DescribeStandardsResponse$Standards": "

A list of available standards.

" + } + }, "StandardsControl": { "base": "

Details for an individual compliance standard control.

", "refs": { @@ -1736,7 +1766,7 @@ "StandardsSubscriptionRequests": { "base": null, "refs": { - "BatchEnableStandardsRequest$StandardsSubscriptionRequests": "

The list of standards compliance checks to enable.

In this release, Security Hub supports only the CIS AWS Foundations standard.

The ARN for the standard is arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0.

" + "BatchEnableStandardsRequest$StandardsSubscriptionRequests": "

The list of standards compliance checks to enable.

" } }, "StandardsSubscriptions": { @@ -1807,7 +1837,7 @@ "AwsSecurityFindingFilters$ResourceContainerName": "

The name of the container related to a finding.

", "AwsSecurityFindingFilters$ResourceContainerImageId": "

The identifier of the image related to a finding.

", "AwsSecurityFindingFilters$ResourceContainerImageName": "

The name of the image related to a finding.

", - "AwsSecurityFindingFilters$ComplianceStatus": "

Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, CIS AWS Foundations). Contains compliance-related finding details.

", + "AwsSecurityFindingFilters$ComplianceStatus": "

Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains compliance-related finding details.

", "AwsSecurityFindingFilters$VerificationState": "

The veracity of a finding.

", "AwsSecurityFindingFilters$WorkflowState": "

The workflow state of a finding.

", "AwsSecurityFindingFilters$RecordState": "

The updated record state for the finding.

", diff --git a/models/apis/securityhub/2018-10-26/paginators-1.json b/models/apis/securityhub/2018-10-26/paginators-1.json index ba58ab3c94d..c7924802d10 100644 --- a/models/apis/securityhub/2018-10-26/paginators-1.json +++ b/models/apis/securityhub/2018-10-26/paginators-1.json @@ -10,6 +10,21 @@ "output_token": "NextToken", "limit_key": "MaxResults" }, + "DescribeStandards": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults" + }, + "DescribeStandardsControls": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults" + }, + "GetEnabledStandards": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults" + }, "GetFindings": { "input_token": "NextToken", "output_token": "NextToken", @@ -24,6 +39,16 @@ "input_token": "NextToken", "output_token": "NextToken", "limit_key": "MaxResults" + }, + "ListInvitations": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults" + }, + "ListMembers": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults" } } } diff --git a/models/apis/shield/2016-06-02/api-2.json b/models/apis/shield/2016-06-02/api-2.json index 567cd0eefea..fc297d55cba 100644 --- a/models/apis/shield/2016-06-02/api-2.json +++ b/models/apis/shield/2016-06-02/api-2.json @@ -49,6 +49,22 @@ {"shape":"ResourceNotFoundException"} ] }, + "AssociateHealthCheck":{ + "name":"AssociateHealthCheck", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"AssociateHealthCheckRequest"}, + "output":{"shape":"AssociateHealthCheckResponse"}, + "errors":[ + {"shape":"InternalErrorException"}, + {"shape":"LimitsExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterException"}, + {"shape":"OptimisticLockException"} + ] + }, "CreateProtection":{ "name":"CreateProtection", "http":{ @@ -207,6 +223,21 @@ {"shape":"ResourceNotFoundException"} ] }, + "DisassociateHealthCheck":{ + "name":"DisassociateHealthCheck", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DisassociateHealthCheckRequest"}, + "output":{"shape":"DisassociateHealthCheckResponse"}, + "errors":[ + {"shape":"InternalErrorException"}, + {"shape":"InvalidParameterException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"OptimisticLockException"} + ] + }, "GetSubscriptionState":{ "name":"GetSubscriptionState", "http":{ @@ -318,6 +349,22 @@ "members":{ } }, + "AssociateHealthCheckRequest":{ + "type":"structure", + "required":[ + "ProtectionId", + "HealthCheckArn" + ], + "members":{ + "ProtectionId":{"shape":"ProtectionId"}, + "HealthCheckArn":{"shape":"HealthCheckArn"} + } + }, + "AssociateHealthCheckResponse":{ + "type":"structure", + "members":{ + } + }, "AttackDetail":{ "type":"structure", "members":{ @@ -544,6 +591,22 @@ "members":{ } }, + "DisassociateHealthCheckRequest":{ + "type":"structure", + "required":[ + "ProtectionId", + "HealthCheckArn" + ], + "members":{ + "ProtectionId":{"shape":"ProtectionId"}, + "HealthCheckArn":{"shape":"HealthCheckArn"} + } + }, + "DisassociateHealthCheckResponse":{ + "type":"structure", + "members":{ + } + }, "Double":{"type":"double"}, "DurationInSeconds":{ "type":"long", @@ -580,6 +643,17 @@ "SubscriptionState":{"shape":"SubscriptionState"} } }, + "HealthCheckArn":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"^arn:aws:route53:::healthcheck/\\S{36}$" + }, + "HealthCheckId":{"type":"string"}, + "HealthCheckIds":{ + "type":"list", + "member":{"shape":"HealthCheckId"} + }, "Integer":{"type":"integer"}, "InternalErrorException":{ "type":"structure", @@ -725,7 +799,8 @@ "members":{ "Id":{"shape":"ProtectionId"}, "Name":{"shape":"ProtectionName"}, - "ResourceArn":{"shape":"ResourceArn"} + "ResourceArn":{"shape":"ResourceArn"}, + "HealthCheckIds":{"shape":"HealthCheckIds"} } }, "ProtectionId":{ diff --git a/models/apis/shield/2016-06-02/docs-2.json b/models/apis/shield/2016-06-02/docs-2.json index 8a6704e191d..d7018a2d48e 100644 --- a/models/apis/shield/2016-06-02/docs-2.json +++ b/models/apis/shield/2016-06-02/docs-2.json @@ -4,6 +4,7 @@ "operations": { "AssociateDRTLogBucket": "

Authorizes the DDoS Response team (DRT) to access the specified Amazon S3 bucket containing your AWS WAF logs. You can associate up to 10 Amazon S3 buckets with your subscription.

To use the services of the DRT and make an AssociateDRTLogBucket request, you must be subscribed to the Business Support plan or the Enterprise Support plan.

", "AssociateDRTRole": "

Authorizes the DDoS Response team (DRT), using the specified role, to access your AWS account to assist with DDoS attack mitigation during potential attacks. This enables the DRT to inspect your AWS WAF configuration and create or update AWS WAF rules and web ACLs.

You can associate only one RoleArn with your subscription. If you submit an AssociateDRTRole request for an account that already has an associated role, the new RoleArn will replace the existing RoleArn.

Prior to making the AssociateDRTRole request, you must attach the AWSShieldDRTAccessPolicy managed policy to the role you will specify in the request. For more information see Attaching and Detaching IAM Policies. The role must also trust the service principal drt.shield.amazonaws.com. For more information, see IAM JSON Policy Elements: Principal.

The DRT will have access only to your AWS WAF and Shield resources. By submitting this request, you authorize the DRT to inspect your AWS WAF and Shield configuration and create and update AWS WAF rules and web ACLs on your behalf. The DRT takes these actions only if explicitly authorized by you.

You must have the iam:PassRole permission to make an AssociateDRTRole request. For more information, see Granting a User Permissions to Pass a Role to an AWS Service.

To use the services of the DRT and make an AssociateDRTRole request, you must be subscribed to the Business Support plan or the Enterprise Support plan.

", + "AssociateHealthCheck": "

Adds health-based detection to the Shield Advanced protection for a resource. Shield Advanced health-based detection uses the health of your AWS resource to improve responsiveness and accuracy in attack detection and mitigation.

You define the health check in Route 53 and then associate it with your Shield Advanced protection. For more information, see Shield Advanced Health-Based Detection in the AWS WAF and AWS Shield Developer Guide.

", "CreateProtection": "

Enables AWS Shield Advanced for a specific AWS resource. The resource can be an Amazon CloudFront distribution, Elastic Load Balancing load balancer, AWS Global Accelerator accelerator, Elastic IP Address, or an Amazon Route 53 hosted zone.

You can add protection to only a single resource with each CreateProtection request. If you want to add protection to multiple resources at once, use the AWS WAF console. For more information see Getting Started with AWS Shield Advanced and Add AWS Shield Advanced Protection to more AWS Resources.

", "CreateSubscription": "

Activates AWS Shield Advanced for an account.

As part of this request you can specify EmergencySettings that automaticaly grant the DDoS response team (DRT) needed permissions to assist you during a suspected DDoS attack. For more information see Authorize the DDoS Response Team to Create Rules and Web ACLs on Your Behalf.

To use the services of the DRT, you must be subscribed to the Business Support plan or the Enterprise Support plan.

When you initally create a subscription, your subscription is set to be automatically renewed at the end of the existing subscription period. You can change this by submitting an UpdateSubscription request.

", "DeleteProtection": "

Deletes an AWS Shield Advanced Protection.

", @@ -15,6 +16,7 @@ "DescribeSubscription": "

Provides details about the AWS Shield Advanced subscription for an account.

", "DisassociateDRTLogBucket": "

Removes the DDoS Response team's (DRT) access to the specified Amazon S3 bucket containing your AWS WAF logs.

To make a DisassociateDRTLogBucket request, you must be subscribed to the Business Support plan or the Enterprise Support plan. However, if you are not subscribed to one of these support plans, but had been previously and had granted the DRT access to your account, you can submit a DisassociateDRTLogBucket request to remove this access.

", "DisassociateDRTRole": "

Removes the DDoS Response team's (DRT) access to your AWS account.

To make a DisassociateDRTRole request, you must be subscribed to the Business Support plan or the Enterprise Support plan. However, if you are not subscribed to one of these support plans, but had been previously and had granted the DRT access to your account, you can submit a DisassociateDRTRole request to remove this access.

", + "DisassociateHealthCheck": "

Removes health-based detection from the Shield Advanced protection for a resource. Shield Advanced health-based detection uses the health of your AWS resource to improve responsiveness and accuracy in attack detection and mitigation.

You define the health check in Route 53 and then associate or disassociate it with your Shield Advanced protection. For more information, see Shield Advanced Health-Based Detection in the AWS WAF and AWS Shield Developer Guide.

", "GetSubscriptionState": "

Returns the SubscriptionState, either Active or Inactive.

", "ListAttacks": "

Returns all ongoing DDoS attacks or all DDoS attacks during a specified time period.

", "ListProtections": "

Lists all Protection objects for the account.

", @@ -28,7 +30,7 @@ } }, "AccessDeniedForDependencyException": { - "base": "

In order to grant the necessary access to the DDoS Response Team, the user submitting AssociateDRTRole must have the iam:PassRole permission. This error indicates the user did not have the appropriate permissions. For more information, see Granting a User Permissions to Pass a Role to an AWS Service.

", + "base": "

In order to grant the necessary access to the DDoS Response Team, the user submitting the request must have the iam:PassRole permission. This error indicates the user did not have the appropriate permissions. For more information, see Granting a User Permissions to Pass a Role to an AWS Service.

", "refs": { } }, @@ -52,6 +54,16 @@ "refs": { } }, + "AssociateHealthCheckRequest": { + "base": null, + "refs": { + } + }, + "AssociateHealthCheckResponse": { + "base": null, + "refs": { + } + }, "AttackDetail": { "base": "

The details of a DDoS attack.

", "refs": { @@ -247,6 +259,16 @@ "refs": { } }, + "DisassociateHealthCheckRequest": { + "base": null, + "refs": { + } + }, + "DisassociateHealthCheckResponse": { + "base": null, + "refs": { + } + }, "Double": { "base": null, "refs": { @@ -290,6 +312,25 @@ "refs": { } }, + "HealthCheckArn": { + "base": null, + "refs": { + "AssociateHealthCheckRequest$HealthCheckArn": "

The Amazon Resource Name (ARN) of the health check to associate with the protection.

", + "DisassociateHealthCheckRequest$HealthCheckArn": "

The Amazon Resource Name (ARN) of the health check that is associated with the protection.

" + } + }, + "HealthCheckId": { + "base": null, + "refs": { + "HealthCheckIds$member": null + } + }, + "HealthCheckIds": { + "base": null, + "refs": { + "Protection$HealthCheckIds": "

The unique identifier (ID) for the Route 53 health check that's associated with the protection.

" + } + }, "Integer": { "base": null, "refs": { @@ -436,9 +477,11 @@ "ProtectionId": { "base": null, "refs": { + "AssociateHealthCheckRequest$ProtectionId": "

The unique identifier (ID) for the Protection object to add the health check association to.

", "CreateProtectionResponse$ProtectionId": "

The unique identifier (ID) for the Protection object that is created.

", "DeleteProtectionRequest$ProtectionId": "

The unique identifier (ID) for the Protection object to be deleted.

", "DescribeProtectionRequest$ProtectionId": "

The unique identifier (ID) for the Protection object that is described. When submitting the DescribeProtection request you must provide either the ResourceArn or the ProtectionID, but not both.

", + "DisassociateHealthCheckRequest$ProtectionId": "

The unique identifier (ID) for the Protection object to remove the health check association from.

", "Protection$Id": "

The unique identifier (ID) of the protection.

" } }, diff --git a/service/ec2/api.go b/service/ec2/api.go index 27e7f831563..19ead6b38c5 100644 --- a/service/ec2/api.go +++ b/service/ec2/api.go @@ -48608,6 +48608,13 @@ type CreateVolumeInput struct { // fails. KmsKeyId *string `type:"string"` + // Specifies whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, + // you can attach the volume to up to 16 Nitro-based instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances) + // in the same Availability Zone. For more information, see Amazon EBS Multi-Attach + // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volumes-multi.html) + // in the Amazon Elastic Compute Cloud User Guide. + MultiAttachEnabled *bool `type:"boolean"` + // The Amazon Resource Name (ARN) of the Outpost. OutpostArn *string `type:"string"` @@ -48690,6 +48697,12 @@ func (s *CreateVolumeInput) SetKmsKeyId(v string) *CreateVolumeInput { return s } +// SetMultiAttachEnabled sets the MultiAttachEnabled field's value. +func (s *CreateVolumeInput) SetMultiAttachEnabled(v bool) *CreateVolumeInput { + s.MultiAttachEnabled = &v + return s +} + // SetOutpostArn sets the OutpostArn field's value. func (s *CreateVolumeInput) SetOutpostArn(v string) *CreateVolumeInput { s.OutpostArn = &v @@ -66031,6 +66044,9 @@ type DescribeVolumesInput struct { // // * encrypted - Indicates whether the volume is encrypted (true | false) // + // * multi-attach-enabled - Indicates whether the volume is enabled for Multi-Attach + // (true | false) + // // * fast-restored - Indicates whether the volume was created from a snapshot // that is enabled for fast snapshot restore (true | false). // @@ -66128,9 +66144,9 @@ type DescribeVolumesModificationsInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The filters. Supported filters: volume-id, modification-state, target-size, - // target-iops, target-volume-type, original-size, original-iops, original-volume-type, - // start-time. + // The filters. Supported filters: volume-id | modification-state | target-size + // | target-iops | target-volume-type | original-size | original-iops | original-volume-type + // | start-time | originalMultiAttachEnabled | targetMultiAttachEnabled. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // The maximum number of results (up to a limit of 500) to be returned in a @@ -68005,7 +68021,8 @@ type DetachVolumeInput struct { // and repair procedures. Force *bool `type:"boolean"` - // The ID of the instance. + // The ID of the instance. If you are detaching a Multi-Attach enabled volume, + // you must specify an instance ID. InstanceId *string `type:"string"` // The ID of the volume. @@ -105515,6 +105532,9 @@ type Volume struct { // key for the volume. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` + // Indicates whether Amazon EBS Multi-Attach is enabled. + MultiAttachEnabled *bool `locationName:"multiAttachEnabled" type:"boolean"` + // The Amazon Resource Name (ARN) of the Outpost. OutpostArn *string `locationName:"outpostArn" type:"string"` @@ -105591,6 +105611,12 @@ func (s *Volume) SetKmsKeyId(v string) *Volume { return s } +// SetMultiAttachEnabled sets the MultiAttachEnabled field's value. +func (s *Volume) SetMultiAttachEnabled(v bool) *Volume { + s.MultiAttachEnabled = &v + return s +} + // SetOutpostArn sets the OutpostArn field's value. func (s *Volume) SetOutpostArn(v string) *Volume { s.OutpostArn = &v @@ -105918,6 +105944,39 @@ func (s *VolumeStatusAction) SetEventType(v string) *VolumeStatusAction { return s } +// Information about the instances to which the volume is attached. +type VolumeStatusAttachmentStatus struct { + _ struct{} `type:"structure"` + + // The ID of the attached instance. + InstanceId *string `locationName:"instanceId" type:"string"` + + // The maximum IOPS supported by the attached instance. + IoPerformance *string `locationName:"ioPerformance" type:"string"` +} + +// String returns the string representation +func (s VolumeStatusAttachmentStatus) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s VolumeStatusAttachmentStatus) GoString() string { + return s.String() +} + +// SetInstanceId sets the InstanceId field's value. +func (s *VolumeStatusAttachmentStatus) SetInstanceId(v string) *VolumeStatusAttachmentStatus { + s.InstanceId = &v + return s +} + +// SetIoPerformance sets the IoPerformance field's value. +func (s *VolumeStatusAttachmentStatus) SetIoPerformance(v string) *VolumeStatusAttachmentStatus { + s.IoPerformance = &v + return s +} + // Describes a volume status. type VolumeStatusDetails struct { _ struct{} `type:"structure"` @@ -105964,6 +106023,9 @@ type VolumeStatusEvent struct { // The type of this event. EventType *string `locationName:"eventType" type:"string"` + // The ID of the instance associated with the event. + InstanceId *string `locationName:"instanceId" type:"string"` + // The latest end time of the event. NotAfter *time.Time `locationName:"notAfter" type:"timestamp"` @@ -105999,6 +106061,12 @@ func (s *VolumeStatusEvent) SetEventType(v string) *VolumeStatusEvent { return s } +// SetInstanceId sets the InstanceId field's value. +func (s *VolumeStatusEvent) SetInstanceId(v string) *VolumeStatusEvent { + s.InstanceId = &v + return s +} + // SetNotAfter sets the NotAfter field's value. func (s *VolumeStatusEvent) SetNotAfter(v time.Time) *VolumeStatusEvent { s.NotAfter = &v @@ -106051,6 +106119,9 @@ type VolumeStatusItem struct { // The details of the operation. Actions []*VolumeStatusAction `locationName:"actionsSet" locationNameList:"item" type:"list"` + // Information about the instances to which the volume is attached. + AttachmentStatuses []*VolumeStatusAttachmentStatus `locationName:"attachmentStatuses" locationNameList:"item" type:"list"` + // The Availability Zone of the volume. AvailabilityZone *string `locationName:"availabilityZone" type:"string"` @@ -106083,6 +106154,12 @@ func (s *VolumeStatusItem) SetActions(v []*VolumeStatusAction) *VolumeStatusItem return s } +// SetAttachmentStatuses sets the AttachmentStatuses field's value. +func (s *VolumeStatusItem) SetAttachmentStatuses(v []*VolumeStatusAttachmentStatus) *VolumeStatusItem { + s.AttachmentStatuses = v + return s +} + // SetAvailabilityZone sets the AvailabilityZone field's value. func (s *VolumeStatusItem) SetAvailabilityZone(v string) *VolumeStatusItem { s.AvailabilityZone = &v diff --git a/service/mediatailor/api.go b/service/mediatailor/api.go index 6ff5fbbb29a..501aab2868d 100644 --- a/service/mediatailor/api.go +++ b/service/mediatailor/api.go @@ -871,6 +871,8 @@ type GetPlaybackConfigurationOutput struct { // The identifier for the playback configuration. Name *string `type:"string"` + PersonalizationThresholdSeconds *int64 `min:"1" type:"integer"` + // The Amazon Resource Name (ARN) for the playback configuration. PlaybackConfigurationArn *string `type:"string"` @@ -950,6 +952,12 @@ func (s *GetPlaybackConfigurationOutput) SetName(v string) *GetPlaybackConfigura return s } +// SetPersonalizationThresholdSeconds sets the PersonalizationThresholdSeconds field's value. +func (s *GetPlaybackConfigurationOutput) SetPersonalizationThresholdSeconds(v int64) *GetPlaybackConfigurationOutput { + s.PersonalizationThresholdSeconds = &v + return s +} + // SetPlaybackConfigurationArn sets the PlaybackConfigurationArn field's value. func (s *GetPlaybackConfigurationOutput) SetPlaybackConfigurationArn(v string) *GetPlaybackConfigurationOutput { s.PlaybackConfigurationArn = &v @@ -1212,6 +1220,8 @@ type PlaybackConfiguration struct { Name *string `type:"string"` + PersonalizationThresholdSeconds *int64 `min:"1" type:"integer"` + PlaybackConfigurationArn *string `type:"string"` PlaybackEndpointPrefix *string `type:"string"` @@ -1267,6 +1277,12 @@ func (s *PlaybackConfiguration) SetName(v string) *PlaybackConfiguration { return s } +// SetPersonalizationThresholdSeconds sets the PersonalizationThresholdSeconds field's value. +func (s *PlaybackConfiguration) SetPersonalizationThresholdSeconds(v int64) *PlaybackConfiguration { + s.PersonalizationThresholdSeconds = &v + return s +} + // SetPlaybackConfigurationArn sets the PlaybackConfigurationArn field's value. func (s *PlaybackConfiguration) SetPlaybackConfigurationArn(v string) *PlaybackConfiguration { s.PlaybackConfigurationArn = &v @@ -1332,6 +1348,8 @@ type PutPlaybackConfigurationInput struct { // The identifier for the playback configuration. Name *string `type:"string"` + PersonalizationThresholdSeconds *int64 `min:"1" type:"integer"` + // The URL for a high-quality video asset to transcode and use to fill in time // that's not used by ads. AWS Elemental MediaTailor shows the slate to fill // in gaps in media content. Configuring the slate is optional for non-VPAID @@ -1364,6 +1382,19 @@ func (s PutPlaybackConfigurationInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *PutPlaybackConfigurationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutPlaybackConfigurationInput"} + if s.PersonalizationThresholdSeconds != nil && *s.PersonalizationThresholdSeconds < 1 { + invalidParams.Add(request.NewErrParamMinValue("PersonalizationThresholdSeconds", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetAdDecisionServerUrl sets the AdDecisionServerUrl field's value. func (s *PutPlaybackConfigurationInput) SetAdDecisionServerUrl(v string) *PutPlaybackConfigurationInput { s.AdDecisionServerUrl = &v @@ -1394,6 +1425,12 @@ func (s *PutPlaybackConfigurationInput) SetName(v string) *PutPlaybackConfigurat return s } +// SetPersonalizationThresholdSeconds sets the PersonalizationThresholdSeconds field's value. +func (s *PutPlaybackConfigurationInput) SetPersonalizationThresholdSeconds(v int64) *PutPlaybackConfigurationInput { + s.PersonalizationThresholdSeconds = &v + return s +} + // SetSlateAdUrl sets the SlateAdUrl field's value. func (s *PutPlaybackConfigurationInput) SetSlateAdUrl(v string) *PutPlaybackConfigurationInput { s.SlateAdUrl = &v diff --git a/service/securityhub/api.go b/service/securityhub/api.go index 299140c32c1..627cadf48b2 100644 --- a/service/securityhub/api.go +++ b/service/securityhub/api.go @@ -157,7 +157,8 @@ func (c *SecurityHub) BatchDisableStandardsRequest(input *BatchDisableStandardsI // // Disables the standards specified by the provided StandardsSubscriptionArns. // -// For more information, see Standards Supported in AWS Security Hub (https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards.html). +// For more information, see Compliance Standards (https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards.html) +// section of the AWS Security Hub User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -247,11 +248,11 @@ func (c *SecurityHub) BatchEnableStandardsRequest(input *BatchEnableStandardsInp // BatchEnableStandards API operation for AWS SecurityHub. // -// Enables the standards specified by the provided standardsArn. +// Enables the standards specified by the provided StandardsArn. To obtain the +// ARN for a standard, use the DescribeStandards operation. // -// In this release, only CIS AWS Foundations standards are supported. -// -// For more information, see Standards Supported in AWS Security Hub (https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards.html). +// For more information, see the Compliance Standards (https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards.html) +// section of the AWS Security Hub User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1544,6 +1545,153 @@ func (c *SecurityHub) DescribeProductsPagesWithContext(ctx aws.Context, input *D return p.Err() } +const opDescribeStandards = "DescribeStandards" + +// DescribeStandardsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeStandards operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeStandards for more information on using the DescribeStandards +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeStandardsRequest method. +// req, resp := client.DescribeStandardsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeStandards +func (c *SecurityHub) DescribeStandardsRequest(input *DescribeStandardsInput) (req *request.Request, output *DescribeStandardsOutput) { + op := &request.Operation{ + Name: opDescribeStandards, + HTTPMethod: "GET", + HTTPPath: "/standards", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeStandardsInput{} + } + + output = &DescribeStandardsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeStandards API operation for AWS SecurityHub. +// +// Returns a list of the available standards in Security Hub. +// +// For each standard, the results include the standard ARN, the name, and a +// description. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation DescribeStandards for usage and error information. +// +// Returned Error Types: +// * InternalException +// Internal server error. +// +// * InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// * InvalidAccessException +// AWS Security Hub isn't enabled for the account used to make this request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeStandards +func (c *SecurityHub) DescribeStandards(input *DescribeStandardsInput) (*DescribeStandardsOutput, error) { + req, out := c.DescribeStandardsRequest(input) + return out, req.Send() +} + +// DescribeStandardsWithContext is the same as DescribeStandards with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeStandards for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) DescribeStandardsWithContext(ctx aws.Context, input *DescribeStandardsInput, opts ...request.Option) (*DescribeStandardsOutput, error) { + req, out := c.DescribeStandardsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeStandardsPages iterates over the pages of a DescribeStandards operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeStandards method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeStandards operation. +// pageNum := 0 +// err := client.DescribeStandardsPages(params, +// func(page *securityhub.DescribeStandardsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *SecurityHub) DescribeStandardsPages(input *DescribeStandardsInput, fn func(*DescribeStandardsOutput, bool) bool) error { + return c.DescribeStandardsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeStandardsPagesWithContext same as DescribeStandardsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) DescribeStandardsPagesWithContext(ctx aws.Context, input *DescribeStandardsInput, fn func(*DescribeStandardsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeStandardsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeStandardsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeStandardsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeStandardsControls = "DescribeStandardsControls" // DescribeStandardsControlsRequest generates a "aws/request.Request" representing the @@ -1575,6 +1723,12 @@ func (c *SecurityHub) DescribeStandardsControlsRequest(input *DescribeStandardsC Name: opDescribeStandardsControls, HTTPMethod: "GET", HTTPPath: "/standards/controls/{StandardsSubscriptionArn+}", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, } if input == nil { @@ -1636,6 +1790,58 @@ func (c *SecurityHub) DescribeStandardsControlsWithContext(ctx aws.Context, inpu return out, req.Send() } +// DescribeStandardsControlsPages iterates over the pages of a DescribeStandardsControls operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeStandardsControls method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeStandardsControls operation. +// pageNum := 0 +// err := client.DescribeStandardsControlsPages(params, +// func(page *securityhub.DescribeStandardsControlsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *SecurityHub) DescribeStandardsControlsPages(input *DescribeStandardsControlsInput, fn func(*DescribeStandardsControlsOutput, bool) bool) error { + return c.DescribeStandardsControlsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeStandardsControlsPagesWithContext same as DescribeStandardsControlsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) DescribeStandardsControlsPagesWithContext(ctx aws.Context, input *DescribeStandardsControlsInput, fn func(*DescribeStandardsControlsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeStandardsControlsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeStandardsControlsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeStandardsControlsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDisableImportFindingsForProduct = "DisableImportFindingsForProduct" // DisableImportFindingsForProductRequest generates a "aws/request.Request" representing the @@ -2169,13 +2375,18 @@ func (c *SecurityHub) EnableSecurityHubRequest(input *EnableSecurityHubInput) (r // Enables Security Hub for your account in the current Region or the Region // you specify in the request. // -// Enabling Security Hub also enables the CIS AWS Foundations standard. -// // When you enable Security Hub, you grant to Security Hub the permissions necessary // to gather findings from AWS Config, Amazon GuardDuty, Amazon Inspector, and // Amazon Macie. // -// To learn more, see Setting Up AWS Security Hub (https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html). +// When you use the EnableSecurityHub operation to enable Security Hub, you +// also automatically enable the CIS AWS Foundations standard. You do not enable +// the Payment Card Industry Data Security Standard (PCI DSS) standard. To enable +// a standard, use the BatchEnableStandards operation. To disable a standard, +// use the BatchDisableStandards operation. +// +// To learn more, see Setting Up AWS Security Hub (https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html) +// in the AWS Security Hub User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2254,6 +2465,12 @@ func (c *SecurityHub) GetEnabledStandardsRequest(input *GetEnabledStandardsInput Name: opGetEnabledStandards, HTTPMethod: "POST", HTTPPath: "/standards/get", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, } if input == nil { @@ -2313,6 +2530,58 @@ func (c *SecurityHub) GetEnabledStandardsWithContext(ctx aws.Context, input *Get return out, req.Send() } +// GetEnabledStandardsPages iterates over the pages of a GetEnabledStandards operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See GetEnabledStandards method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a GetEnabledStandards operation. +// pageNum := 0 +// err := client.GetEnabledStandardsPages(params, +// func(page *securityhub.GetEnabledStandardsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *SecurityHub) GetEnabledStandardsPages(input *GetEnabledStandardsInput, fn func(*GetEnabledStandardsOutput, bool) bool) error { + return c.GetEnabledStandardsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// GetEnabledStandardsPagesWithContext same as GetEnabledStandardsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) GetEnabledStandardsPagesWithContext(ctx aws.Context, input *GetEnabledStandardsInput, fn func(*GetEnabledStandardsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *GetEnabledStandardsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.GetEnabledStandardsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*GetEnabledStandardsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opGetFindings = "GetFindings" // GetFindingsRequest generates a "aws/request.Request" representing the @@ -3261,6 +3530,12 @@ func (c *SecurityHub) ListInvitationsRequest(input *ListInvitationsInput) (req * Name: opListInvitations, HTTPMethod: "GET", HTTPPath: "/invitations", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, } if input == nil { @@ -3321,6 +3596,58 @@ func (c *SecurityHub) ListInvitationsWithContext(ctx aws.Context, input *ListInv return out, req.Send() } +// ListInvitationsPages iterates over the pages of a ListInvitations operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListInvitations method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListInvitations operation. +// pageNum := 0 +// err := client.ListInvitationsPages(params, +// func(page *securityhub.ListInvitationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *SecurityHub) ListInvitationsPages(input *ListInvitationsInput, fn func(*ListInvitationsOutput, bool) bool) error { + return c.ListInvitationsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListInvitationsPagesWithContext same as ListInvitationsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) ListInvitationsPagesWithContext(ctx aws.Context, input *ListInvitationsInput, fn func(*ListInvitationsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListInvitationsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListInvitationsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListInvitationsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListMembers = "ListMembers" // ListMembersRequest generates a "aws/request.Request" representing the @@ -3352,6 +3679,12 @@ func (c *SecurityHub) ListMembersRequest(input *ListMembersInput) (req *request. Name: opListMembers, HTTPMethod: "GET", HTTPPath: "/members", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, } if input == nil { @@ -3412,6 +3745,58 @@ func (c *SecurityHub) ListMembersWithContext(ctx aws.Context, input *ListMembers return out, req.Send() } +// ListMembersPages iterates over the pages of a ListMembers operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListMembers method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListMembers operation. +// pageNum := 0 +// err := client.ListMembersPages(params, +// func(page *securityhub.ListMembersOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *SecurityHub) ListMembersPages(input *ListMembersInput, fn func(*ListMembersOutput, bool) bool) error { + return c.ListMembersPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListMembersPagesWithContext same as ListMembersPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) ListMembersPagesWithContext(ctx aws.Context, input *ListMembersInput, fn func(*ListMembersOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListMembersInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListMembersRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListMembersOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListTagsForResource = "ListTagsForResource" // ListTagsForResourceRequest generates a "aws/request.Request" representing the @@ -6871,8 +7256,8 @@ type AwsSecurityFinding struct { AwsAccountId *string `type:"string" required:"true"` // This data type is exclusive to findings that are generated as the result - // of a check run against a specific rule in a supported standard (for example, - // CIS AWS Foundations). Contains compliance-related finding details. + // of a check run against a specific rule in a supported standard, such as CIS + // AWS Foundations. Contains compliance-related finding details. Compliance *Compliance `type:"structure"` // A finding's confidence. Confidence is defined as the likelihood that a finding @@ -7300,8 +7685,8 @@ type AwsSecurityFindingFilters struct { CompanyName []*StringFilter `type:"list"` // Exclusive to findings that are generated as the result of a check run against - // a specific rule in a supported standard (for example, CIS AWS Foundations). - // Contains compliance-related finding details. + // a specific rule in a supported standard, such as CIS AWS Foundations. Contains + // compliance-related finding details. ComplianceStatus []*StringFilter `type:"list"` // A finding's confidence. Confidence is defined as the likelihood that a finding @@ -8429,10 +8814,6 @@ type BatchEnableStandardsInput struct { // The list of standards compliance checks to enable. // - // In this release, Security Hub supports only the CIS AWS Foundations standard. - // - // The ARN for the standard is arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0. - // // StandardsSubscriptionRequests is a required field StandardsSubscriptionRequests []*StandardsSubscriptionRequest `min:"1" type:"list" required:"true"` } @@ -8598,8 +8979,8 @@ func (s *BatchImportFindingsOutput) SetSuccessCount(v int64) *BatchImportFinding } // Exclusive to findings that are generated as the result of a check run against -// a specific rule in a supported standard (for example, CIS AWS Foundations). -// Contains compliance-related finding details. +// a specific rule in a supported standard, such as CIS AWS Foundations. Contains +// compliance-related finding details. // // Values include the following: // @@ -9314,7 +9695,11 @@ type DescribeActionTargetsInput struct { // The maximum number of results to return. MaxResults *int64 `min:"1" type:"integer"` - // The token that is required for pagination. + // The token that is required for pagination. On your first call to the DescribeActionTargets + // operation, set the value of this parameter to NULL. + // + // For subsequent calls to the operation, to continue listing data, set the + // value of this parameter to the value returned from the previous response. NextToken *string `type:"string"` } @@ -9368,7 +9753,7 @@ type DescribeActionTargetsOutput struct { // ActionTargets is a required field ActionTargets []*ActionTarget `type:"list" required:"true"` - // The token that is required for pagination. + // The pagination token to use to request the next page of results. NextToken *string `type:"string"` } @@ -9455,7 +9840,11 @@ type DescribeProductsInput struct { // The maximum number of results to return. MaxResults *int64 `location:"querystring" locationName:"MaxResults" min:"1" type:"integer"` - // The token that is required for pagination. + // The token that is required for pagination. On your first call to the DescribeProducts + // operation, set the value of this parameter to NULL. + // + // For subsequent calls to the operation, to continue listing data, set the + // value of this parameter to the value returned from the previous response. NextToken *string `location:"querystring" locationName:"NextToken" type:"string"` } @@ -9497,7 +9886,7 @@ func (s *DescribeProductsInput) SetNextToken(v string) *DescribeProductsInput { type DescribeProductsOutput struct { _ struct{} `type:"structure"` - // The token that is required for pagination. + // The pagination token to use to request the next page of results. NextToken *string `type:"string"` // A list of products, including details for each product. @@ -9534,9 +9923,11 @@ type DescribeStandardsControlsInput struct { // The maximum number of compliance standard controls to return. MaxResults *int64 `location:"querystring" locationName:"MaxResults" min:"1" type:"integer"` - // For requests to get the next page of results, the pagination token that was - // returned with the previous set of results. The initial request does not include - // a pagination token. + // The token that is required for pagination. On your first call to the DescribeStandardsControls + // operation, set the value of this parameter to NULL. + // + // For subsequent calls to the operation, to continue listing data, set the + // value of this parameter to the value returned from the previous response. NextToken *string `location:"querystring" locationName:"NextToken" type:"string"` // The ARN of a resource that represents your subscription to a supported standard. @@ -9598,9 +9989,7 @@ type DescribeStandardsControlsOutput struct { // A list of compliance standards controls. Controls []*StandardsControl `type:"list"` - // If there are more compliance standards control remaining in the results, - // then this is the pagination token to use to request the next page of compliance - // standard controls. + // The pagination token to use to request the next page of results. NextToken *string `type:"string"` } @@ -9626,6 +10015,87 @@ func (s *DescribeStandardsControlsOutput) SetNextToken(v string) *DescribeStanda return s } +type DescribeStandardsInput struct { + _ struct{} `type:"structure"` + + // The maximum number of standards to return. + MaxResults *int64 `location:"querystring" locationName:"MaxResults" min:"1" type:"integer"` + + // The token that is required for pagination. On your first call to the DescribeStandards + // operation, set the value of this parameter to NULL. + // + // For subsequent calls to the operation, to continue listing data, set the + // value of this parameter to the value returned from the previous response. + NextToken *string `location:"querystring" locationName:"NextToken" type:"string"` +} + +// String returns the string representation +func (s DescribeStandardsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeStandardsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeStandardsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeStandardsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeStandardsInput) SetMaxResults(v int64) *DescribeStandardsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeStandardsInput) SetNextToken(v string) *DescribeStandardsInput { + s.NextToken = &v + return s +} + +type DescribeStandardsOutput struct { + _ struct{} `type:"structure"` + + // The pagination token to use to request the next page of results. + NextToken *string `type:"string"` + + // A list of available standards. + Standards []*Standard `type:"list"` +} + +// String returns the string representation +func (s DescribeStandardsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeStandardsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeStandardsOutput) SetNextToken(v string) *DescribeStandardsOutput { + s.NextToken = &v + return s +} + +// SetStandards sets the Standards field's value. +func (s *DescribeStandardsOutput) SetStandards(v []*Standard) *DescribeStandardsOutput { + s.Standards = v + return s +} + type DisableImportFindingsForProductInput struct { _ struct{} `type:"structure"` @@ -9891,11 +10361,11 @@ type GetEnabledStandardsInput struct { // The maximum number of results to return in the response. MaxResults *int64 `min:"1" type:"integer"` - // Paginates results. On your first call to the GetEnabledStandards operation, - // set the value of this parameter to NULL. + // The token that is required for pagination. On your first call to the GetEnabledStandards + // operation, set the value of this parameter to NULL. // - // For subsequent calls to the operation, to continue listing data, set nextToken - // in the request to the value of nextToken from the previous response. + // For subsequent calls to the operation, to continue listing data, set the + // value of this parameter to the value returned from the previous response. NextToken *string `type:"string"` // The list of the standards subscription ARNs for the standards to retrieve. @@ -9949,7 +10419,7 @@ func (s *GetEnabledStandardsInput) SetStandardsSubscriptionArns(v []*string) *Ge type GetEnabledStandardsOutput struct { _ struct{} `type:"structure"` - // The token that is required for pagination. + // The pagination token to use to request the next page of results. NextToken *string `type:"string"` // The list of StandardsSubscriptions objects that include information about @@ -9989,11 +10459,11 @@ type GetFindingsInput struct { // The maximum number of findings to return. MaxResults *int64 `min:"1" type:"integer"` - // Paginates results. On your first call to the GetFindings operation, set the - // value of this parameter to NULL. + // The token that is required for pagination. On your first call to the GetFindings + // operation, set the value of this parameter to NULL. // - // For subsequent calls to the operation, to continue listing data, set nextToken - // in the request to the value of nextToken from the previous response. + // For subsequent calls to the operation, to continue listing data, set the + // value of this parameter to the value returned from the previous response. NextToken *string `type:"string"` // The finding attributes used to sort the list of returned findings. @@ -10055,7 +10525,7 @@ type GetFindingsOutput struct { // Findings is a required field Findings []*AwsSecurityFinding `type:"list" required:"true"` - // The token that is required for pagination. + // The pagination token to use to request the next page of results. NextToken *string `type:"string"` } @@ -10156,10 +10626,11 @@ type GetInsightsInput struct { // The maximum number of items to return in the response. MaxResults *int64 `min:"1" type:"integer"` - // Paginates results. On your first call to the GetInsights operation, set the - // value of this parameter to NULL. For subsequent calls to the operation, to - // continue listing data, set nextToken in the request to the value of nextToken - // from the previous response. + // The token that is required for pagination. On your first call to the GetInsights + // operation, set the value of this parameter to NULL. + // + // For subsequent calls to the operation, to continue listing data, set the + // value of this parameter to the value returned from the previous response. NextToken *string `type:"string"` } @@ -10212,7 +10683,7 @@ type GetInsightsOutput struct { // Insights is a required field Insights []*Insight `type:"list" required:"true"` - // The token that is required for pagination. + // The pagination token to use to request the next page of results. NextToken *string `type:"string"` } @@ -10973,10 +11444,11 @@ type ListEnabledProductsForImportInput struct { // The maximum number of items to return in the response. MaxResults *int64 `location:"querystring" locationName:"MaxResults" min:"1" type:"integer"` - // Paginates results. On your first call to the ListEnabledProductsForImport - // operation, set the value of this parameter to NULL. For subsequent calls - // to the operation, to continue listing data, set nextToken in the request - // to the value of NextToken from the previous response. + // The token that is required for pagination. On your first call to the ListEnabledProductsForImport + // operation, set the value of this parameter to NULL. + // + // For subsequent calls to the operation, to continue listing data, set the + // value of this parameter to the value returned from the previous response. NextToken *string `location:"querystring" locationName:"NextToken" type:"string"` } @@ -11018,7 +11490,7 @@ func (s *ListEnabledProductsForImportInput) SetNextToken(v string) *ListEnabledP type ListEnabledProductsForImportOutput struct { _ struct{} `type:"structure"` - // The token that is required for pagination. + // The pagination token to use to request the next page of results. NextToken *string `type:"string"` // The list of ARNs for the resources that represent your subscriptions to products. @@ -11053,10 +11525,11 @@ type ListInvitationsInput struct { // The maximum number of items to return in the response. MaxResults *int64 `location:"querystring" locationName:"MaxResults" min:"1" type:"integer"` - // Paginates results. On your first call to the ListInvitations operation, set - // the value of this parameter to NULL. For subsequent calls to the operation, - // to continue listing data, set nextToken in the request to the value of NextToken - // from the previous response. + // The token that is required for pagination. On your first call to the ListInvitations + // operation, set the value of this parameter to NULL. + // + // For subsequent calls to the operation, to continue listing data, set the + // value of this parameter to the value returned from the previous response. NextToken *string `location:"querystring" locationName:"NextToken" type:"string"` } @@ -11101,7 +11574,7 @@ type ListInvitationsOutput struct { // The details of the invitations returned by the operation. Invitations []*Invitation `type:"list"` - // The token that is required for pagination. + // The pagination token to use to request the next page of results. NextToken *string `type:"string"` } @@ -11133,19 +11606,20 @@ type ListMembersInput struct { // The maximum number of items to return in the response. MaxResults *int64 `location:"querystring" locationName:"MaxResults" min:"1" type:"integer"` - // Paginates results. On your first call to the ListMembers operation, set the - // value of this parameter to NULL. For subsequent calls to the operation, to - // continue listing data, set nextToken in the request to the value of nextToken - // from the previous response. + // The token that is required for pagination. On your first call to the ListMembers + // operation, set the value of this parameter to NULL. + // + // For subsequent calls to the operation, to continue listing data, set the + // value of this parameter to the value returned from the previous response. NextToken *string `location:"querystring" locationName:"NextToken" type:"string"` // Specifies which member accounts to include in the response based on their // relationship status with the master account. The default value is TRUE. // - // If onlyAssociated is set to TRUE, the response includes member accounts whose + // If OnlyAssociated is set to TRUE, the response includes member accounts whose // relationship status with the master is set to ENABLED or DISABLED. // - // If onlyAssociated is set to FALSE, the response includes all existing member + // If OnlyAssociated is set to FALSE, the response includes all existing member // accounts. OnlyAssociated *bool `location:"querystring" locationName:"OnlyAssociated" type:"boolean"` } @@ -11197,7 +11671,7 @@ type ListMembersOutput struct { // Member details returned by the operation. Members []*Member `type:"list"` - // The token that is required for pagination. + // The pagination token to use to request the next page of results. NextToken *string `type:"string"` } @@ -12608,6 +13082,48 @@ func (s *SortCriterion) SetSortOrder(v string) *SortCriterion { return s } +// Provides information about a specific standard. +type Standard struct { + _ struct{} `type:"structure"` + + // A description of the standard. + Description *string `type:"string"` + + // The name of the standard. + Name *string `type:"string"` + + // The ARN of a standard. + StandardsArn *string `type:"string"` +} + +// String returns the string representation +func (s Standard) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Standard) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *Standard) SetDescription(v string) *Standard { + s.Description = &v + return s +} + +// SetName sets the Name field's value. +func (s *Standard) SetName(v string) *Standard { + s.Name = &v + return s +} + +// SetStandardsArn sets the StandardsArn field's value. +func (s *Standard) SetStandardsArn(v string) *Standard { + s.StandardsArn = &v + return s +} + // Details for an individual compliance standard control. type StandardsControl struct { _ struct{} `type:"structure"` @@ -12631,8 +13147,11 @@ type StandardsControl struct { // The reason provided for the most recent change in status for the control. DisabledReason *string `type:"string"` + // The list of requirements that are related to this control. + RelatedRequirements []*string `type:"list"` + // A link to remediation information for the control in the Security Hub user - // documentation + // documentation. RemediationUrl *string `type:"string"` // The severity of findings generated from this compliance standard control. @@ -12688,6 +13207,12 @@ func (s *StandardsControl) SetDisabledReason(v string) *StandardsControl { return s } +// SetRelatedRequirements sets the RelatedRequirements field's value. +func (s *StandardsControl) SetRelatedRequirements(v []*string) *StandardsControl { + s.RelatedRequirements = v + return s +} + // SetRemediationUrl sets the RemediationUrl field's value. func (s *StandardsControl) SetRemediationUrl(v string) *StandardsControl { s.RemediationUrl = &v @@ -12718,9 +13243,6 @@ type StandardsSubscription struct { // The ARN of a standard. // - // In this release, Security Hub supports only the CIS AWS Foundations standard, - // which uses the following ARN: arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0. - // // StandardsArn is a required field StandardsArn *string `type:"string" required:"true"` @@ -12778,11 +13300,8 @@ func (s *StandardsSubscription) SetStandardsSubscriptionArn(v string) *Standards type StandardsSubscriptionRequest struct { _ struct{} `type:"structure"` - // The ARN of the standard that you want to enable. - // - // In this release, Security Hub only supports the CIS AWS Foundations standard. - // - // Its ARN is arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0. + // The ARN of the standard that you want to enable. To view the list of available + // standards and their ARNs, use the DescribeStandards operation. // // StandardsArn is a required field StandardsArn *string `type:"string" required:"true"` diff --git a/service/securityhub/doc.go b/service/securityhub/doc.go index 6636a0a4f6b..dc49d8c86b5 100644 --- a/service/securityhub/doc.go +++ b/service/securityhub/doc.go @@ -5,11 +5,11 @@ // // Security Hub provides you with a comprehensive view of the security state // of your AWS environment and resources. It also provides you with the compliance -// status of your environment based on CIS AWS Foundations compliance checks. -// Security Hub collects security data from AWS accounts, services, and integrated -// third-party products and helps you analyze security trends in your environment -// to identify the highest priority security issues. For more information about -// Security Hub, see the AWS Security Hub User Guide (https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) . +// status of your environment based on controls from supported standards. Security +// Hub collects security data from AWS accounts, services, and integrated third-party +// products and helps you analyze security trends in your environment to identify +// the highest priority security issues. For more information about Security +// Hub, see the AWS Security Hub User Guide (https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) . // // When you use operations in the Security Hub API, the requests are executed // only in the AWS Region that is currently active or in the specific AWS Region @@ -32,7 +32,7 @@ // * UpdateFindings - RateLimit of 1 request per second. BurstLimit of 5 // requests per second. // -// * All other operations - RateLimit of 10 request per second. BurstLimit +// * All other operations - RateLimit of 10 requests per second. BurstLimit // of 30 requests per second. // // See https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26 for more information on this service. diff --git a/service/securityhub/securityhubiface/interface.go b/service/securityhub/securityhubiface/interface.go index c539f7879f3..8d04a857dfc 100644 --- a/service/securityhub/securityhubiface/interface.go +++ b/service/securityhub/securityhubiface/interface.go @@ -126,10 +126,20 @@ type SecurityHubAPI interface { DescribeProductsPages(*securityhub.DescribeProductsInput, func(*securityhub.DescribeProductsOutput, bool) bool) error DescribeProductsPagesWithContext(aws.Context, *securityhub.DescribeProductsInput, func(*securityhub.DescribeProductsOutput, bool) bool, ...request.Option) error + DescribeStandards(*securityhub.DescribeStandardsInput) (*securityhub.DescribeStandardsOutput, error) + DescribeStandardsWithContext(aws.Context, *securityhub.DescribeStandardsInput, ...request.Option) (*securityhub.DescribeStandardsOutput, error) + DescribeStandardsRequest(*securityhub.DescribeStandardsInput) (*request.Request, *securityhub.DescribeStandardsOutput) + + DescribeStandardsPages(*securityhub.DescribeStandardsInput, func(*securityhub.DescribeStandardsOutput, bool) bool) error + DescribeStandardsPagesWithContext(aws.Context, *securityhub.DescribeStandardsInput, func(*securityhub.DescribeStandardsOutput, bool) bool, ...request.Option) error + DescribeStandardsControls(*securityhub.DescribeStandardsControlsInput) (*securityhub.DescribeStandardsControlsOutput, error) DescribeStandardsControlsWithContext(aws.Context, *securityhub.DescribeStandardsControlsInput, ...request.Option) (*securityhub.DescribeStandardsControlsOutput, error) DescribeStandardsControlsRequest(*securityhub.DescribeStandardsControlsInput) (*request.Request, *securityhub.DescribeStandardsControlsOutput) + DescribeStandardsControlsPages(*securityhub.DescribeStandardsControlsInput, func(*securityhub.DescribeStandardsControlsOutput, bool) bool) error + DescribeStandardsControlsPagesWithContext(aws.Context, *securityhub.DescribeStandardsControlsInput, func(*securityhub.DescribeStandardsControlsOutput, bool) bool, ...request.Option) error + DisableImportFindingsForProduct(*securityhub.DisableImportFindingsForProductInput) (*securityhub.DisableImportFindingsForProductOutput, error) DisableImportFindingsForProductWithContext(aws.Context, *securityhub.DisableImportFindingsForProductInput, ...request.Option) (*securityhub.DisableImportFindingsForProductOutput, error) DisableImportFindingsForProductRequest(*securityhub.DisableImportFindingsForProductInput) (*request.Request, *securityhub.DisableImportFindingsForProductOutput) @@ -158,6 +168,9 @@ type SecurityHubAPI interface { GetEnabledStandardsWithContext(aws.Context, *securityhub.GetEnabledStandardsInput, ...request.Option) (*securityhub.GetEnabledStandardsOutput, error) GetEnabledStandardsRequest(*securityhub.GetEnabledStandardsInput) (*request.Request, *securityhub.GetEnabledStandardsOutput) + GetEnabledStandardsPages(*securityhub.GetEnabledStandardsInput, func(*securityhub.GetEnabledStandardsOutput, bool) bool) error + GetEnabledStandardsPagesWithContext(aws.Context, *securityhub.GetEnabledStandardsInput, func(*securityhub.GetEnabledStandardsOutput, bool) bool, ...request.Option) error + GetFindings(*securityhub.GetFindingsInput) (*securityhub.GetFindingsOutput, error) GetFindingsWithContext(aws.Context, *securityhub.GetFindingsInput, ...request.Option) (*securityhub.GetFindingsOutput, error) GetFindingsRequest(*securityhub.GetFindingsInput) (*request.Request, *securityhub.GetFindingsOutput) @@ -203,10 +216,16 @@ type SecurityHubAPI interface { ListInvitationsWithContext(aws.Context, *securityhub.ListInvitationsInput, ...request.Option) (*securityhub.ListInvitationsOutput, error) ListInvitationsRequest(*securityhub.ListInvitationsInput) (*request.Request, *securityhub.ListInvitationsOutput) + ListInvitationsPages(*securityhub.ListInvitationsInput, func(*securityhub.ListInvitationsOutput, bool) bool) error + ListInvitationsPagesWithContext(aws.Context, *securityhub.ListInvitationsInput, func(*securityhub.ListInvitationsOutput, bool) bool, ...request.Option) error + ListMembers(*securityhub.ListMembersInput) (*securityhub.ListMembersOutput, error) ListMembersWithContext(aws.Context, *securityhub.ListMembersInput, ...request.Option) (*securityhub.ListMembersOutput, error) ListMembersRequest(*securityhub.ListMembersInput) (*request.Request, *securityhub.ListMembersOutput) + ListMembersPages(*securityhub.ListMembersInput, func(*securityhub.ListMembersOutput, bool) bool) error + ListMembersPagesWithContext(aws.Context, *securityhub.ListMembersInput, func(*securityhub.ListMembersOutput, bool) bool, ...request.Option) error + ListTagsForResource(*securityhub.ListTagsForResourceInput) (*securityhub.ListTagsForResourceOutput, error) ListTagsForResourceWithContext(aws.Context, *securityhub.ListTagsForResourceInput, ...request.Option) (*securityhub.ListTagsForResourceOutput, error) ListTagsForResourceRequest(*securityhub.ListTagsForResourceInput) (*request.Request, *securityhub.ListTagsForResourceOutput) diff --git a/service/shield/api.go b/service/shield/api.go index dc532852620..3155bfa30ac 100644 --- a/service/shield/api.go +++ b/service/shield/api.go @@ -97,7 +97,7 @@ func (c *Shield) AssociateDRTLogBucketRequest(input *AssociateDRTLogBucketInput) // // * AccessDeniedForDependencyException // In order to grant the necessary access to the DDoS Response Team, the user -// submitting AssociateDRTRole must have the iam:PassRole permission. This error +// submitting the request must have the iam:PassRole permission. This error // indicates the user did not have the appropriate permissions. For more information, // see Granting a User Permissions to Pass a Role to an AWS Service (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html). // @@ -225,7 +225,7 @@ func (c *Shield) AssociateDRTRoleRequest(input *AssociateDRTRoleInput) (req *req // // * AccessDeniedForDependencyException // In order to grant the necessary access to the DDoS Response Team, the user -// submitting AssociateDRTRole must have the iam:PassRole permission. This error +// submitting the request must have the iam:PassRole permission. This error // indicates the user did not have the appropriate permissions. For more information, // see Granting a User Permissions to Pass a Role to an AWS Service (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html). // @@ -258,6 +258,111 @@ func (c *Shield) AssociateDRTRoleWithContext(ctx aws.Context, input *AssociateDR return out, req.Send() } +const opAssociateHealthCheck = "AssociateHealthCheck" + +// AssociateHealthCheckRequest generates a "aws/request.Request" representing the +// client's request for the AssociateHealthCheck operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See AssociateHealthCheck for more information on using the AssociateHealthCheck +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the AssociateHealthCheckRequest method. +// req, resp := client.AssociateHealthCheckRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/shield-2016-06-02/AssociateHealthCheck +func (c *Shield) AssociateHealthCheckRequest(input *AssociateHealthCheckInput) (req *request.Request, output *AssociateHealthCheckOutput) { + op := &request.Operation{ + Name: opAssociateHealthCheck, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &AssociateHealthCheckInput{} + } + + output = &AssociateHealthCheckOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// AssociateHealthCheck API operation for AWS Shield. +// +// Adds health-based detection to the Shield Advanced protection for a resource. +// Shield Advanced health-based detection uses the health of your AWS resource +// to improve responsiveness and accuracy in attack detection and mitigation. +// +// You define the health check in Route 53 and then associate it with your Shield +// Advanced protection. For more information, see Shield Advanced Health-Based +// Detection (https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html#ddos-advanced-health-check-option) +// in the AWS WAF and AWS Shield Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Shield's +// API operation AssociateHealthCheck for usage and error information. +// +// Returned Error Types: +// * InternalErrorException +// Exception that indicates that a problem occurred with the service infrastructure. +// You can retry the request. +// +// * LimitsExceededException +// Exception that indicates that the operation would exceed a limit. +// +// Type is the type of limit that would be exceeded. +// +// Limit is the threshold that would be exceeded. +// +// * ResourceNotFoundException +// Exception indicating the specified resource does not exist. +// +// * InvalidParameterException +// Exception that indicates that the parameters passed to the API are invalid. +// +// * OptimisticLockException +// Exception that indicates that the protection state has been modified by another +// client. You can retry the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/shield-2016-06-02/AssociateHealthCheck +func (c *Shield) AssociateHealthCheck(input *AssociateHealthCheckInput) (*AssociateHealthCheckOutput, error) { + req, out := c.AssociateHealthCheckRequest(input) + return out, req.Send() +} + +// AssociateHealthCheckWithContext is the same as AssociateHealthCheck with the addition of +// the ability to pass a context and additional request options. +// +// See AssociateHealthCheck for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Shield) AssociateHealthCheckWithContext(ctx aws.Context, input *AssociateHealthCheckInput, opts ...request.Option) (*AssociateHealthCheckOutput, error) { + req, out := c.AssociateHealthCheckRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateProtection = "CreateProtection" // CreateProtectionRequest generates a "aws/request.Request" representing the @@ -1156,7 +1261,7 @@ func (c *Shield) DisassociateDRTLogBucketRequest(input *DisassociateDRTLogBucket // // * AccessDeniedForDependencyException // In order to grant the necessary access to the DDoS Response Team, the user -// submitting AssociateDRTRole must have the iam:PassRole permission. This error +// submitting the request must have the iam:PassRole permission. This error // indicates the user did not have the appropriate permissions. For more information, // see Granting a User Permissions to Pass a Role to an AWS Service (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html). // @@ -1288,6 +1393,105 @@ func (c *Shield) DisassociateDRTRoleWithContext(ctx aws.Context, input *Disassoc return out, req.Send() } +const opDisassociateHealthCheck = "DisassociateHealthCheck" + +// DisassociateHealthCheckRequest generates a "aws/request.Request" representing the +// client's request for the DisassociateHealthCheck operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisassociateHealthCheck for more information on using the DisassociateHealthCheck +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DisassociateHealthCheckRequest method. +// req, resp := client.DisassociateHealthCheckRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/shield-2016-06-02/DisassociateHealthCheck +func (c *Shield) DisassociateHealthCheckRequest(input *DisassociateHealthCheckInput) (req *request.Request, output *DisassociateHealthCheckOutput) { + op := &request.Operation{ + Name: opDisassociateHealthCheck, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisassociateHealthCheckInput{} + } + + output = &DisassociateHealthCheckOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DisassociateHealthCheck API operation for AWS Shield. +// +// Removes health-based detection from the Shield Advanced protection for a +// resource. Shield Advanced health-based detection uses the health of your +// AWS resource to improve responsiveness and accuracy in attack detection and +// mitigation. +// +// You define the health check in Route 53 and then associate or disassociate +// it with your Shield Advanced protection. For more information, see Shield +// Advanced Health-Based Detection (https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html#ddos-advanced-health-check-option) +// in the AWS WAF and AWS Shield Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Shield's +// API operation DisassociateHealthCheck for usage and error information. +// +// Returned Error Types: +// * InternalErrorException +// Exception that indicates that a problem occurred with the service infrastructure. +// You can retry the request. +// +// * InvalidParameterException +// Exception that indicates that the parameters passed to the API are invalid. +// +// * ResourceNotFoundException +// Exception indicating the specified resource does not exist. +// +// * OptimisticLockException +// Exception that indicates that the protection state has been modified by another +// client. You can retry the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/shield-2016-06-02/DisassociateHealthCheck +func (c *Shield) DisassociateHealthCheck(input *DisassociateHealthCheckInput) (*DisassociateHealthCheckOutput, error) { + req, out := c.DisassociateHealthCheckRequest(input) + return out, req.Send() +} + +// DisassociateHealthCheckWithContext is the same as DisassociateHealthCheck with the addition of +// the ability to pass a context and additional request options. +// +// See DisassociateHealthCheck for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Shield) DisassociateHealthCheckWithContext(ctx aws.Context, input *DisassociateHealthCheckInput, opts ...request.Option) (*DisassociateHealthCheckOutput, error) { + req, out := c.DisassociateHealthCheckRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetSubscriptionState = "GetSubscriptionState" // GetSubscriptionStateRequest generates a "aws/request.Request" representing the @@ -1791,7 +1995,7 @@ func (s AccessDeniedException) RequestID() string { } // In order to grant the necessary access to the DDoS Response Team, the user -// submitting AssociateDRTRole must have the iam:PassRole permission. This error +// submitting the request must have the iam:PassRole permission. This error // indicates the user did not have the appropriate permissions. For more information, // see Granting a User Permissions to Pass a Role to an AWS Service (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html). type AccessDeniedForDependencyException struct { @@ -1965,6 +2169,80 @@ func (s AssociateDRTRoleOutput) GoString() string { return s.String() } +type AssociateHealthCheckInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the health check to associate with the + // protection. + // + // HealthCheckArn is a required field + HealthCheckArn *string `min:"1" type:"string" required:"true"` + + // The unique identifier (ID) for the Protection object to add the health check + // association to. + // + // ProtectionId is a required field + ProtectionId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s AssociateHealthCheckInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AssociateHealthCheckInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AssociateHealthCheckInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AssociateHealthCheckInput"} + if s.HealthCheckArn == nil { + invalidParams.Add(request.NewErrParamRequired("HealthCheckArn")) + } + if s.HealthCheckArn != nil && len(*s.HealthCheckArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("HealthCheckArn", 1)) + } + if s.ProtectionId == nil { + invalidParams.Add(request.NewErrParamRequired("ProtectionId")) + } + if s.ProtectionId != nil && len(*s.ProtectionId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ProtectionId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetHealthCheckArn sets the HealthCheckArn field's value. +func (s *AssociateHealthCheckInput) SetHealthCheckArn(v string) *AssociateHealthCheckInput { + s.HealthCheckArn = &v + return s +} + +// SetProtectionId sets the ProtectionId field's value. +func (s *AssociateHealthCheckInput) SetProtectionId(v string) *AssociateHealthCheckInput { + s.ProtectionId = &v + return s +} + +type AssociateHealthCheckOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s AssociateHealthCheckOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AssociateHealthCheckOutput) GoString() string { + return s.String() +} + // The details of a DDoS attack. type AttackDetail struct { _ struct{} `type:"structure"` @@ -2833,6 +3111,80 @@ func (s DisassociateDRTRoleOutput) GoString() string { return s.String() } +type DisassociateHealthCheckInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the health check that is associated with + // the protection. + // + // HealthCheckArn is a required field + HealthCheckArn *string `min:"1" type:"string" required:"true"` + + // The unique identifier (ID) for the Protection object to remove the health + // check association from. + // + // ProtectionId is a required field + ProtectionId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s DisassociateHealthCheckInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisassociateHealthCheckInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisassociateHealthCheckInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisassociateHealthCheckInput"} + if s.HealthCheckArn == nil { + invalidParams.Add(request.NewErrParamRequired("HealthCheckArn")) + } + if s.HealthCheckArn != nil && len(*s.HealthCheckArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("HealthCheckArn", 1)) + } + if s.ProtectionId == nil { + invalidParams.Add(request.NewErrParamRequired("ProtectionId")) + } + if s.ProtectionId != nil && len(*s.ProtectionId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ProtectionId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetHealthCheckArn sets the HealthCheckArn field's value. +func (s *DisassociateHealthCheckInput) SetHealthCheckArn(v string) *DisassociateHealthCheckInput { + s.HealthCheckArn = &v + return s +} + +// SetProtectionId sets the ProtectionId field's value. +func (s *DisassociateHealthCheckInput) SetProtectionId(v string) *DisassociateHealthCheckInput { + s.ProtectionId = &v + return s +} + +type DisassociateHealthCheckOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DisassociateHealthCheckOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisassociateHealthCheckOutput) GoString() string { + return s.String() +} + // Contact information that the DRT can use to contact you during a suspected // attack. type EmergencyContact struct { @@ -3715,6 +4067,10 @@ func (s OptimisticLockException) RequestID() string { type Protection struct { _ struct{} `type:"structure"` + // The unique identifier (ID) for the Route 53 health check that's associated + // with the protection. + HealthCheckIds []*string `type:"list"` + // The unique identifier (ID) of the protection. Id *string `min:"1" type:"string"` @@ -3735,6 +4091,12 @@ func (s Protection) GoString() string { return s.String() } +// SetHealthCheckIds sets the HealthCheckIds field's value. +func (s *Protection) SetHealthCheckIds(v []*string) *Protection { + s.HealthCheckIds = v + return s +} + // SetId sets the Id field's value. func (s *Protection) SetId(v string) *Protection { s.Id = &v diff --git a/service/shield/errors.go b/service/shield/errors.go index 51626321758..a0af389f673 100644 --- a/service/shield/errors.go +++ b/service/shield/errors.go @@ -19,7 +19,7 @@ const ( // "AccessDeniedForDependencyException". // // In order to grant the necessary access to the DDoS Response Team, the user - // submitting AssociateDRTRole must have the iam:PassRole permission. This error + // submitting the request must have the iam:PassRole permission. This error // indicates the user did not have the appropriate permissions. For more information, // see Granting a User Permissions to Pass a Role to an AWS Service (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html). ErrCodeAccessDeniedForDependencyException = "AccessDeniedForDependencyException" diff --git a/service/shield/shieldiface/interface.go b/service/shield/shieldiface/interface.go index c325f026fea..47565e0198b 100644 --- a/service/shield/shieldiface/interface.go +++ b/service/shield/shieldiface/interface.go @@ -68,6 +68,10 @@ type ShieldAPI interface { AssociateDRTRoleWithContext(aws.Context, *shield.AssociateDRTRoleInput, ...request.Option) (*shield.AssociateDRTRoleOutput, error) AssociateDRTRoleRequest(*shield.AssociateDRTRoleInput) (*request.Request, *shield.AssociateDRTRoleOutput) + AssociateHealthCheck(*shield.AssociateHealthCheckInput) (*shield.AssociateHealthCheckOutput, error) + AssociateHealthCheckWithContext(aws.Context, *shield.AssociateHealthCheckInput, ...request.Option) (*shield.AssociateHealthCheckOutput, error) + AssociateHealthCheckRequest(*shield.AssociateHealthCheckInput) (*request.Request, *shield.AssociateHealthCheckOutput) + CreateProtection(*shield.CreateProtectionInput) (*shield.CreateProtectionOutput, error) CreateProtectionWithContext(aws.Context, *shield.CreateProtectionInput, ...request.Option) (*shield.CreateProtectionOutput, error) CreateProtectionRequest(*shield.CreateProtectionInput) (*request.Request, *shield.CreateProtectionOutput) @@ -112,6 +116,10 @@ type ShieldAPI interface { DisassociateDRTRoleWithContext(aws.Context, *shield.DisassociateDRTRoleInput, ...request.Option) (*shield.DisassociateDRTRoleOutput, error) DisassociateDRTRoleRequest(*shield.DisassociateDRTRoleInput) (*request.Request, *shield.DisassociateDRTRoleOutput) + DisassociateHealthCheck(*shield.DisassociateHealthCheckInput) (*shield.DisassociateHealthCheckOutput, error) + DisassociateHealthCheckWithContext(aws.Context, *shield.DisassociateHealthCheckInput, ...request.Option) (*shield.DisassociateHealthCheckOutput, error) + DisassociateHealthCheckRequest(*shield.DisassociateHealthCheckInput) (*request.Request, *shield.DisassociateHealthCheckOutput) + GetSubscriptionState(*shield.GetSubscriptionStateInput) (*shield.GetSubscriptionStateOutput, error) GetSubscriptionStateWithContext(aws.Context, *shield.GetSubscriptionStateInput, ...request.Option) (*shield.GetSubscriptionStateOutput, error) GetSubscriptionStateRequest(*shield.GetSubscriptionStateInput) (*request.Request, *shield.GetSubscriptionStateOutput)